feat: generate web index for private web UIs

author: Martin Fischer <martin@push-f.com> 2025-09-18 06:00:38 +0200
committer: Martin Fischer <martin@push-f.com> 2025-09-18 10:48:23 +0200
commit: b5840e628e60d1614e6e4e04b3ca30f3c7bfacd8 (patch)
tree: 2bb0d423338166a2e259be85b910d5c6760569fa /nixos
parent: 70b3abe0d6a5e7cf46a8109dce05edcaca892f79 (diff)
5 files changed, 42 insertions, 3 deletions
diff --git a/nixos/helpers.nix b/nixos/helpers.nix
index f8f1384..a236c42 100644
--- a/nixos/helpers.nix
+++ b/nixos/helpers.nix
@@ -60,6 +60,19 @@
     '}';
   '';
 
+  serviceIndexHost = tailnetHostname: webPorts:
+    let
+      li = name: port: ''<li><a href="http://${tailnetHostname}:${toString port}">${name}</a></li>'';
+      html = "<ul>" + (lib.concatStringsSep "\n" (lib.mapAttrsToList li webPorts)) + "</ul>";
+    in
+    {
+      listenAddresses = [tailnetHostname];
+      locations."= /".extraConfig = ''
+        default_type text/html;
+        return 200 '${html}';
+      '';
+    };
+
   writeAlloyConfig = cfg:
     let
       alloy-nix-config = "${pkgs.callPackage <top/shared/alloy-nix-config> {}}/bin/alloy-nix-config";
diff --git a/nixos/hosts/ev/default.nix b/nixos/hosts/ev/default.nix
index b0c5ff3..74518f0 100644
--- a/nixos/hosts/ev/default.nix
+++ b/nixos/hosts/ev/default.nix
@@ -2,10 +2,11 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 let
   ports = import ./ports.nix;
+  helpers = import <top/helpers.nix> { inherit config lib pkgs; };
 in
 {
   imports = [
@@ -89,6 +90,11 @@ in
   ];
   networking.firewall.allowedUDPPorts = [];
 
+  services.nginx = {
+    enable = true;
+    virtualHosts."ev.tailnet" = helpers.serviceIndexHost "ev.tailnet" ports.webUis;
+  };
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/nixos/hosts/ev/ports.nix b/nixos/hosts/ev/ports.nix
index ff5241c..cd41d1b 100644
--- a/nixos/hosts/ev/ports.nix
+++ b/nixos/hosts/ev/ports.nix
@@ -1,4 +1,4 @@
-{
+rec {
   grafanaAlloy = 3001;
   grafanaLoki = 3030;
   hosehawk = 4000;
@@ -6,4 +6,14 @@
   prometheusNodeExporter = 9002;
   qbittorrent = 7777;
   zigbee2mqtt = 8080;
+
+  webUis = {
+    inherit
+      grafanaAlloy
+      hosehawk
+      prometheus
+      qbittorrent
+      zigbee2mqtt
+      ;
+  };
 }
diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix
index 4d4a4f3..a54de6c 100644
--- a/nixos/hosts/tente/default.nix
+++ b/nixos/hosts/tente/default.nix
@@ -203,6 +203,8 @@ in
       enable = true;
       group = "www-data";
 
+      virtualHosts."tente.tailnet" = helpers.serviceIndexHost "tente.tailnet" ports.webUis;
+
       appendHttpConfig = ''
         # Close the connection for unknown Host headers.
         # If we don't do this nginx serves some random virtualhost.
diff --git a/nixos/hosts/tente/ports.nix b/nixos/hosts/tente/ports.nix
index 3a2b2fe..133d0f7 100644
--- a/nixos/hosts/tente/ports.nix
+++ b/nixos/hosts/tente/ports.nix
@@ -1,4 +1,4 @@
-{
+rec {
   grafana = 3000;
   grafanaAlloy = 3001;
   grafanaLoki = 3030;
@@ -8,4 +8,12 @@
   prometheus = 9090;
   prometheusNodeExporter = 9002;
   prometheusSqlExporter = 9003;
+
+  webUis = {
+    inherit
+      grafana
+      grafanaAlloy
+      prometheus
+      ;
+  };
 }
author	Martin Fischer <martin@push-f.com>	2025-09-18 06:00:38 +0200
committer	Martin Fischer <martin@push-f.com>	2025-09-18 10:48:23 +0200
commit	b5840e628e60d1614e6e4e04b3ca30f3c7bfacd8 (patch)
tree	2bb0d423338166a2e259be85b910d5c6760569fa /nixos
parent	70b3abe0d6a5e7cf46a8109dce05edcaca892f79 (diff)