rope/nixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos/services/homepage.nix

287 lines
9.3 KiB
Nix
Raw Normal View History

Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
{ config, lib, pkgs, ... }:
Auto-extract API keys for Homepage dashboard Adds a systemd oneshot that runs before homepage-dashboard and: - Reads *arr API keys from their config.xml files - Reads Bazarr key from config.ini - Creates a Jellyfin API key in the DB if one named "Homepage" doesn't exist - Uses localhost for qBittorrent (LocalHostAuth=false, no creds needed) - Writes everything to /etc/homepage-secrets Zero manual setup — all keys are extracted or generated automatically. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 13:13:17 +01:00
let
# Script that extracts API keys from all services and writes /etc/homepage-secrets
extractSecrets = pkgs.writeShellScript "extract-homepage-secrets" ''
set -euo pipefail
SECRETS_FILE="/etc/homepage-secrets"
# --- *arr apps: API keys live in config.xml as <ApiKey>...</ApiKey> ---
extract_arr_key() {
local name="$1" path="$2"
if [ -f "$path" ]; then
${pkgs.gnused}/bin/sed -n 's/.*<ApiKey>\(.*\)<\/ApiKey>.*/\1/p' "$path"
fi
}
SONARR_KEY=$(extract_arr_key "sonarr" "/var/lib/sonarr/config.xml")
RADARR_KEY=$(extract_arr_key "radarr" "/var/lib/radarr/config.xml")
PROWLARR_KEY=$(extract_arr_key "prowlarr" "/var/lib/prowlarr/config.xml")
# --- Bazarr: API key in config.ini under [auth] section ---
BAZARR_KEY=""
if [ -f "/var/lib/bazarr/data/config/config.ini" ]; then
BAZARR_KEY=$(${pkgs.gnugrep}/bin/grep -oP '(?<=apikey = ).*' /var/lib/bazarr/data/config/config.ini || true)
fi
# Fallback: Bazarr sometimes stores it in config.yaml
if [ -z "$BAZARR_KEY" ] && [ -f "/var/lib/bazarr/config/config.yaml" ]; then
BAZARR_KEY=$(${pkgs.gnugrep}/bin/grep -oP '(?<=apikey: ).*' /var/lib/bazarr/config/config.yaml || true)
fi
# --- Jellyfin: create an API key in the DB if one doesn't exist ---
JELLYFIN_KEY=""
JELLYFIN_DB="/var/lib/jellyfin/data/jellyfin.db"
if [ -f "$JELLYFIN_DB" ]; then
# Check if a "Homepage" key already exists
JELLYFIN_KEY=$(${pkgs.sqlite}/bin/sqlite3 "$JELLYFIN_DB" \
"SELECT AccessToken FROM ApiKeys WHERE Name = 'Homepage' LIMIT 1;" 2>/dev/null || true)
if [ -z "$JELLYFIN_KEY" ]; then
# Generate a random 32-char hex token
JELLYFIN_KEY=$(${pkgs.coreutils}/bin/head -c 16 /dev/urandom | ${pkgs.coreutils}/bin/od -An -tx1 | ${pkgs.gnused}/bin/sed 's/ //g' | ${pkgs.coreutils}/bin/head -c 32)
NOW=$(${pkgs.coreutils}/bin/date -u '+%Y-%m-%d %H:%M:%S')
${pkgs.sqlite}/bin/sqlite3 "$JELLYFIN_DB" \
"INSERT INTO ApiKeys (DateCreated, DateLastActivity, Name, AccessToken) VALUES ('$NOW', '0001-01-01 00:01:00', 'Homepage', '$JELLYFIN_KEY');"
fi
fi
# --- Write the secrets file ---
cat > "$SECRETS_FILE" <<EOF
HOMEPAGE_VAR_SONARR_KEY=$SONARR_KEY
HOMEPAGE_VAR_RADARR_KEY=$RADARR_KEY
HOMEPAGE_VAR_PROWLARR_KEY=$PROWLARR_KEY
HOMEPAGE_VAR_BAZARR_KEY=$BAZARR_KEY
HOMEPAGE_VAR_JELLYFIN_KEY=$JELLYFIN_KEY
EOF
chmod 600 "$SECRETS_FILE"
'';
in
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
{
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
Theme btop and Homepage via matugen on the mediaserver Share the wallpaper symlink across all hosts by moving it from gnome.nix into home-manager/fred.nix, and add matugen templates for btop and the Homepage dashboard. The Homepage NixOS module writes custom.css into /etc (read-only), so bind-mount /var/lib/homepage-custom-css/custom.css over it. A systemd path unit restarts homepage-dashboard whenever matugen rewrites the file, so regeneration works without sudo. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-16 20:17:38 +01:00
# Writable location for matugen-generated custom.css; bind-mounted into
# the homepage service namespace over the Nix-managed /etc path.
systemd.tmpfiles.rules = [
"d /var/lib/homepage-custom-css 0755 fred users -"
"f /var/lib/homepage-custom-css/custom.css 0644 fred users -"
Add Last Update widget to Homepage via record-update script record-update parses nvd diff after switch and writes latest.json; Homepage polls a local-only nginx listener and renders date/changes/ closure/kernel via a customapi widget. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-16 20:58:19 +01:00
"d /var/lib/homepage-updates 0755 fred users -"
Theme btop and Homepage via matugen on the mediaserver Share the wallpaper symlink across all hosts by moving it from gnome.nix into home-manager/fred.nix, and add matugen templates for btop and the Homepage dashboard. The Homepage NixOS module writes custom.css into /etc (read-only), so bind-mount /var/lib/homepage-custom-css/custom.css over it. A systemd path unit restarts homepage-dashboard whenever matugen rewrites the file, so regeneration works without sudo. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-16 20:17:38 +01:00
];
systemd.services.homepage-dashboard.serviceConfig.BindPaths = [
"/var/lib/homepage-custom-css/custom.css:/etc/homepage-dashboard/custom.css"
];
# Auto-restart homepage when matugen rewrites the custom.css
systemd.paths.homepage-css-reload = {
description = "Watch matugen custom.css for changes";
wantedBy = [ "multi-user.target" ];
pathConfig.PathChanged = "/var/lib/homepage-custom-css/custom.css";
};
systemd.services.homepage-css-reload = {
description = "Restart homepage after custom.css changes";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl restart homepage-dashboard.service";
};
};
Auto-extract API keys for Homepage dashboard Adds a systemd oneshot that runs before homepage-dashboard and: - Reads *arr API keys from their config.xml files - Reads Bazarr key from config.ini - Creates a Jellyfin API key in the DB if one named "Homepage" doesn't exist - Uses localhost for qBittorrent (LocalHostAuth=false, no creds needed) - Writes everything to /etc/homepage-secrets Zero manual setup — all keys are extracted or generated automatically. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 13:13:17 +01:00
# Oneshot service that extracts API keys and writes /etc/homepage-secrets
systemd.services.homepage-extract-secrets = {
description = "Extract API keys for Homepage dashboard";
after = [
"jellyfin.service"
"sonarr.service"
"radarr.service"
"bazarr.service"
"prowlarr.service"
];
requires = [ "jellyfin.service" ];
before = [ "homepage-dashboard.service" ];
requiredBy = [ "homepage-dashboard.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = extractSecrets;
RemainAfterExit = true;
};
};
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
services.homepage-dashboard = {
enable = true;
openFirewall = true;
listenPort = 8082;
# Allow access from anywhere on the LAN
# Add your domain here too if you expose it via Nginx Proxy Manager
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
allowedHosts = "localhost:8082,127.0.0.1:8082,homepage.nordhammer.it";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
Auto-extract API keys for Homepage dashboard Adds a systemd oneshot that runs before homepage-dashboard and: - Reads *arr API keys from their config.xml files - Reads Bazarr key from config.ini - Creates a Jellyfin API key in the DB if one named "Homepage" doesn't exist - Uses localhost for qBittorrent (LocalHostAuth=false, no creds needed) - Writes everything to /etc/homepage-secrets Zero manual setup — all keys are extracted or generated automatically. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 13:13:17 +01:00
# API keys auto-extracted by homepage-extract-secrets.service
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
environmentFiles = [ "/etc/homepage-secrets" ];
settings = {
title = "FredOS Mediaserver";
theme = "dark";
color = "slate";
headerStyle = "clean";
layout = {
Media = { style = "row"; columns = 2; };
Downloads = { style = "row"; columns = 2; };
Infrastructure = { style = "row"; columns = 3; };
};
};
widgets = [
{
resources = {
cpu = true;
memory = true;
disk = "/";
label = "System";
};
}
{
search = {
provider = "duckduckgo";
target = "_blank";
};
}
{
datetime = {
text_size = "xl";
format = {
timeStyle = "short";
dateStyle = "short";
hour12 = false;
};
};
}
];
services = [
{
Media = [
{
Jellyfin = {
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
href = "https://jellyfin.nordhammer.it";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
description = "Media server";
icon = "jellyfin.png";
widget = {
type = "jellyfin";
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
url = "http://127.0.0.1:8096";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
key = "{{HOMEPAGE_VAR_JELLYFIN_KEY}}";
enableBlocks = true;
enableNowPlaying = true;
};
};
}
{
Bazarr = {
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
href = "https://bazarr.nordhammer.it";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
description = "Subtitle management";
icon = "bazarr.png";
widget = {
type = "bazarr";
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
url = "http://127.0.0.1:6767";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
key = "{{HOMEPAGE_VAR_BAZARR_KEY}}";
};
};
}
{
Sonarr = {
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
href = "https://sonarr.nordhammer.it";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
description = "TV show management";
icon = "sonarr.png";
widget = {
type = "sonarr";
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
url = "http://127.0.0.1:8989";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
key = "{{HOMEPAGE_VAR_SONARR_KEY}}";
enableQueue = true;
};
};
}
{
Radarr = {
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
href = "https://radarr.nordhammer.it";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
description = "Movie management";
icon = "radarr.png";
widget = {
type = "radarr";
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
url = "http://127.0.0.1:7878";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
key = "{{HOMEPAGE_VAR_RADARR_KEY}}";
enableQueue = true;
};
};
}
];
}
{
Downloads = [
{
qBittorrent = {
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
href = "https://torrent.nordhammer.it";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
description = "Torrent client";
icon = "qbittorrent.png";
widget = {
type = "qbittorrent";
Auto-extract API keys for Homepage dashboard Adds a systemd oneshot that runs before homepage-dashboard and: - Reads *arr API keys from their config.xml files - Reads Bazarr key from config.ini - Creates a Jellyfin API key in the DB if one named "Homepage" doesn't exist - Uses localhost for qBittorrent (LocalHostAuth=false, no creds needed) - Writes everything to /etc/homepage-secrets Zero manual setup — all keys are extracted or generated automatically. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 13:13:17 +01:00
url = "http://127.0.0.1:8080";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
};
};
}
{
Prowlarr = {
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
href = "https://prowlarr.nordhammer.it";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
description = "Indexer manager";
icon = "prowlarr.png";
widget = {
type = "prowlarr";
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
url = "http://127.0.0.1:9696";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
key = "{{HOMEPAGE_VAR_PROWLARR_KEY}}";
};
};
}
];
}
{
Infrastructure = [
{
Authelia = {
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
href = "https://auth.nordhammer.it";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
description = "SSO & 2FA";
icon = "authelia.png";
};
}
{
go2rtc = {
Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc - Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01 - Native Authelia SSO with forward auth protecting homepage + camera - Native go2rtc camera streaming (no more Docker) - Auto-migration script for Authelia secrets and user database from Docker - Homepage hrefs updated to use HTTPS domain names - Fail2ban updated for native nginx log paths + new Authelia jail Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 15:47:56 +01:00
href = "https://camera.nordhammer.it";
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
description = "Camera streams";
icon = "go2rtc.png";
};
}
Add Last Update widget to Homepage via record-update script record-update parses nvd diff after switch and writes latest.json; Homepage polls a local-only nginx listener and renders date/changes/ closure/kernel via a customapi widget. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-16 20:58:19 +01:00
{
"Last Update" = {
description = "Most recent nixos-rebuild switch";
icon = "mdi-history";
widget = {
type = "customapi";
url = "http://127.0.0.1:8083/latest.json";
refreshInterval = 60000;
method = "GET";
display = "list";
mappings = [
{ field = "date"; label = "Date"; }
{ field = "changes"; label = "Changes"; }
{ field = "closure"; label = "Closure"; }
{ field = "kernel"; label = "Kernel"; }
];
};
};
}
Add Homepage dashboard for FredOS-Mediaserver Covers all running services: Jellyfin, Sonarr, Radarr, Bazarr, Prowlarr, qBittorrent, Nginx Proxy Manager, Authelia, go2rtc. Live widgets for *arr apps, Jellyfin now-playing, and qBittorrent speed use API keys loaded from /etc/homepage-secrets (outside the Nix store). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 12:55:37 +01:00
];
}
];
};
};
}
Reference in a new issue Copy permalink