From b5840e628e60d1614e6e4e04b3ca30f3c7bfacd8 Mon Sep 17 00:00:00 2001
From: Martin Fischer <martin@push-f.com>
Date: Thu, 18 Sep 2025 06:00:38 +0200
Subject: feat: generate web index for private web UIs

---
 nixos/helpers.nix             | 13 +++++++++++++
 nixos/hosts/ev/default.nix    |  8 +++++++-
 nixos/hosts/ev/ports.nix      | 12 +++++++++++-
 nixos/hosts/tente/default.nix |  2 ++
 nixos/hosts/tente/ports.nix   | 10 +++++++++-
 5 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/nixos/helpers.nix b/nixos/helpers.nix
index f8f1384..a236c42 100644
--- a/nixos/helpers.nix
+++ b/nixos/helpers.nix
@@ -60,6 +60,19 @@
     '}';
   '';
 
+  serviceIndexHost = tailnetHostname: webPorts:
+    let
+      li = name: port: ''<li><a href="http://${tailnetHostname}:${toString port}">${name}</a></li>'';
+      html = "<ul>" + (lib.concatStringsSep "\n" (lib.mapAttrsToList li webPorts)) + "</ul>";
+    in
+    {
+      listenAddresses = [tailnetHostname];
+      locations."= /".extraConfig = ''
+        default_type text/html;
+        return 200 '${html}';
+      '';
+    };
+
   writeAlloyConfig = cfg:
     let
       alloy-nix-config = "${pkgs.callPackage <top/shared/alloy-nix-config> {}}/bin/alloy-nix-config";
diff --git a/nixos/hosts/ev/default.nix b/nixos/hosts/ev/default.nix
index b0c5ff3..74518f0 100644
--- a/nixos/hosts/ev/default.nix
+++ b/nixos/hosts/ev/default.nix
@@ -2,10 +2,11 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 let
   ports = import ./ports.nix;
+  helpers = import <top/helpers.nix> { inherit config lib pkgs; };
 in
 {
   imports = [
@@ -89,6 +90,11 @@ in
   ];
   networking.firewall.allowedUDPPorts = [];
 
+  services.nginx = {
+    enable = true;
+    virtualHosts."ev.tailnet" = helpers.serviceIndexHost "ev.tailnet" ports.webUis;
+  };
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/nixos/hosts/ev/ports.nix b/nixos/hosts/ev/ports.nix
index ff5241c..cd41d1b 100644
--- a/nixos/hosts/ev/ports.nix
+++ b/nixos/hosts/ev/ports.nix
@@ -1,4 +1,4 @@
-{
+rec {
   grafanaAlloy = 3001;
   grafanaLoki = 3030;
   hosehawk = 4000;
@@ -6,4 +6,14 @@
   prometheusNodeExporter = 9002;
   qbittorrent = 7777;
   zigbee2mqtt = 8080;
+
+  webUis = {
+    inherit
+      grafanaAlloy
+      hosehawk
+      prometheus
+      qbittorrent
+      zigbee2mqtt
+      ;
+  };
 }
diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix
index 4d4a4f3..a54de6c 100644
--- a/nixos/hosts/tente/default.nix
+++ b/nixos/hosts/tente/default.nix
@@ -203,6 +203,8 @@ in
       enable = true;
       group = "www-data";
 
+      virtualHosts."tente.tailnet" = helpers.serviceIndexHost "tente.tailnet" ports.webUis;
+
       appendHttpConfig = ''
         # Close the connection for unknown Host headers.
         # If we don't do this nginx serves some random virtualhost.
diff --git a/nixos/hosts/tente/ports.nix b/nixos/hosts/tente/ports.nix
index 3a2b2fe..133d0f7 100644
--- a/nixos/hosts/tente/ports.nix
+++ b/nixos/hosts/tente/ports.nix
@@ -1,4 +1,4 @@
-{
+rec {
   grafana = 3000;
   grafanaAlloy = 3001;
   grafanaLoki = 3030;
@@ -8,4 +8,12 @@
   prometheus = 9090;
   prometheusNodeExporter = 9002;
   prometheusSqlExporter = 9003;
+
+  webUis = {
+    inherit
+      grafana
+      grafanaAlloy
+      prometheus
+      ;
+  };
 }
-- 
cgit v1.2.3