From ed86270ec3813e735540d5a95092c5180d2693c9 Mon Sep 17 00:00:00 2001 From: stitchy Date: Sat, 2 Aug 2025 22:57:10 -0700 Subject: [PATCH 1/7] security(nginx): disable /metrics from dendrite --- hosts/tanzanite/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix index 745dadf..84b92e2 100644 --- a/hosts/tanzanite/default.nix +++ b/hosts/tanzanite/default.nix @@ -65,6 +65,9 @@ in { locations."/" = { proxyPass = "http://127.0.0.1:9008"; }; + locations."/metrics" = { + return = "404"; + }; }; "syncv3.stitchy.moe" = { enableACME = true; From 0c2340692a80337ba2f781efe841a64c69597003 Mon Sep 17 00:00:00 2001 From: stitchy Date: Sat, 2 Aug 2025 22:57:57 -0700 Subject: [PATCH 2/7] feat(tanzanite): init grafana and prometheus --- hosts/tanzanite/default.nix | 41 +++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix index 84b92e2..6ff0531 100644 --- a/hosts/tanzanite/default.nix +++ b/hosts/tanzanite/default.nix @@ -76,6 +76,47 @@ in { proxyPass = "http://127.0.0.1:8009"; }; }; + "grafana.stitchy.moe" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + }; + extraConfig = '' + allow 10.100.0.0/24; + allow 192.168.51.2; + allow 192.168.51.1; + deny all; + ''; + }; + }; + }; + + services = { + grafana = { + enable = true; + }; + prometheus = { + enable = true; + exporters = { + node = { + enable = true; + }; + }; + globalConfig.scrape_interval = "10s"; + scrapeConfigs = [{ + job_name = "node"; + static_configs = [{ + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}"]; + }]; + } + { + job_name = "dendrite"; + static_configs = [{ + targets = [ "localhost:9008"]; + }]; + } + ]; }; }; From 2bcac06381f63f29659145c67656e4bf647bf491 Mon Sep 17 00:00:00 2001 
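Review bot: The new `locations."/metrics"` block only covers the vhost that proxies to `127.0.0.1:9008`, so any other vhost or listener that reaches the same Dendrite port would still serve the metrics. The vhost's opening lines are outside the hunk, so I cannot tell whether one exists. nginx treats this as a prefix match, so `/metrics` and everything under it returns 404 here; a comment would record the intent, for example `# Dendrite exposes Prometheus metrics on its client API listener; keep them off the public vhost`. As defence in depth, Dendrite's own basic-auth setting for metrics could be enabled as well, if the deployed config supports it.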
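Review bot: The `allow`/`deny all` list on `grafana.stitchy.moe` protects only the nginx path to Grafana, while `prometheus` and `exporters.node` in the new `services` block are enabled with no listen address; to my knowledge the NixOS defaults bind both to all interfaces. Unless the `networking.firewall` block below the hunk (not visible here) keeps those ports closed, unauthenticated metrics are reachable without passing the allowlist. Setting `listenAddress = "127.0.0.1";` on both `prometheus` and `exporters.node` makes that independent of firewall state. Grafana is also enabled with no `settings.security` overrides, so the initial admin credential is presumably the upstream default and should be set from a file outside the Nix store before the vhost goes live.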
From: stitchy Date: Sat, 2 Aug 2025 23:38:05 -0700 Subject: [PATCH 3/7] fix(tanzanite): disable grafana analytics --- hosts/tanzanite/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix index 6ff0531..2ef182e 100644 --- a/hosts/tanzanite/default.nix +++ b/hosts/tanzanite/default.nix @@ -95,6 +95,12 @@ in { services = { grafana = { enable = true; + settings = { + analytics = { + feedback_links_enabled = false; + reporting_enabled = false; + }; + }; }; prometheus = { enable = true; From 210d1f5a293547da68cf50e5085ee65d117d33d6 Mon Sep 17 00:00:00 2001 From: stitchy Date: Fri, 10 Oct 2025 00:44:40 -0700 Subject: [PATCH 4/7] chore: migrate postgresql directory to redundant drives --- hosts/tanzanite/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix index 2ef182e..2538838 100644 --- a/hosts/tanzanite/default.nix +++ b/hosts/tanzanite/default.nix @@ -102,6 +102,9 @@ in { }; }; }; + postgresql = { + dataDir = "/opt/services/postgresql/${config.services.postgresql.package.psqlSchema}"; + }; prometheus = { enable = true; exporters = { From c066c5f4180eaa8d199e3bdf57b88a13970f6f8f Mon Sep 17 00:00:00 2001 From: stitchy Date: Fri, 10 Oct 2025 00:45:39 -0700 Subject: [PATCH 5/7] feat(tanzanite): immich Added immich as a service that I host. We shall see if it stays --- hosts/tanzanite/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix index 2538838..34b64ac 100644 --- a/hosts/tanzanite/default.nix +++ b/hosts/tanzanite/default.nix 
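Review bot: `reporting_enabled = false` in the new `analytics` set stops usage reporting, but Grafana's update checks are separate keys in the same section and, as far as I know, stay on by default, so the instance would still contact grafana.com periodically. If the intent of the commit is no outbound telemetry, add `check_for_updates = false;` and `check_for_plugin_updates = false;` next to the two existing keys.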
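Review bot: The new `postgresql.dataDir` points the cluster at `/opt/services/postgresql/<schema>`, but nothing in the hunk creates that path or sets its ownership, and PostgreSQL refuses to start on a data directory that is not owned by its service user with a restrictive mode. Unless this is handled elsewhere in the file, a declarative rule such as `systemd.tmpfiles.rules = [ "d /opt/services/postgresql 0750 postgres postgres -" ];` keeps a rebuilt host from depending on a manual `mkdir`/`chown`. A short comment on the attribute should also note that the existing cluster has to be copied over before the switch, since otherwise an empty cluster may be initialised at the new path. The `services` set starts and ends outside the hunk.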
@@ -69,6 +69,15 @@ in { return = "404"; }; }; + "pics.stitchy.moe" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://[::1]:${toString config.services.immich.port}"; + proxyWebsockets = true; + recommendedProxySettings = true; + }; + }; "syncv3.stitchy.moe" = { enableACME = true; forceSSL = true; @@ -102,6 +111,11 @@ in { }; }; }; + immich = { + enable = true; + port = 2283; + mediaLocation = "/opt/services/immich"; + }; postgresql = { dataDir = "/opt/services/postgresql/${config.services.postgresql.package.psqlSchema}"; }; From eab8c956b5375598e75456678adbc2e28a9bcf64 Mon Sep 17 00:00:00 2001 From: stitchy Date: Fri, 10 Oct 2025 00:46:16 -0700 Subject: [PATCH 6/7] feat(grafana): add unifi polling via unpoller --- hosts/tanzanite/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix index 34b64ac..b89fd80 100644 --- a/hosts/tanzanite/default.nix +++ b/hosts/tanzanite/default.nix @@ -125,6 +125,16 @@ in { node = { enable = true; }; + unpoller = { + enable = true; + controllers = [{ + user = "flyingstitchman"; + pass = "/persist/unifi-pass.txt"; + verify_ssl = false; + url = "https://localhost:7443"; + save_dpi = true; + }]; + }; }; globalConfig.scrape_interval = "10s"; scrapeConfigs = [{ @@ -139,8 +149,16 @@ in { targets = [ "localhost:9008"]; }]; } + { + job_name = "unpoller"; + static_configs = [{ + targets = [ "localhost:9130"]; + }]; + } ]; }; + unpoller = { + }; }; networking.firewall = { From 4bc23b38bd082e5f8cb7dcd32b2e90b41b379a99 Mon Sep 17 00:00:00 2001 From: stitchy Date: Fri, 10 Oct 2025 16:48:30 -0700 Subject: [PATCH 7/7] feat: flake update --- flake.lock | 70 +++++++++++++++++++++++++++++------------------------- 1 file changed, 37 insertions(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index 5c960c0..efcde88 100644 --- a/flake.lock +++ b/flake.lock 
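Review bot: The `pics.stitchy.moe` location proxies to Immich without raising nginx's request body limit, which defaults to 1 MiB, so photo and video uploads will likely fail with 413 unless a larger limit is set globally outside this hunk. Add a bounded limit to the vhost, for example `extraConfig = "client_max_body_size 10G;";` with the size chosen for the largest expected upload, rather than `0`, so this public endpoint keeps a request-size cap. Unlike the `grafana.stitchy.moe` vhost, this one has no `allow`/`deny` list, so Immich's own login is the only access control. If that is intended, a comment saying so would make it explicit.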
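Review bot: `verify_ssl = false` in the new `unpoller` controller entry turns off certificate verification on the connection that carries the UniFi login, and `user = "flyingstitchman"` looks like a personal account rather than a dedicated one. On `localhost` the interception risk is small, but the override tends to survive a later move of the controller to another host. Trusting the controller's certificate is safer; failing that, add `# controller uses a self-signed cert; acceptable only while it runs on localhost`. The poller should log in with a dedicated read-only account, and `/persist/unifi-pass.txt` should be readable only by the exporter's service user. The exporter is also enabled without `listenAddress`, so it may listen on all interfaces; `listenAddress = "127.0.0.1";` avoids that.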
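Review bot: The new `unpoller` scrape job hard-codes `localhost:9130`, while the `node` job in the same list derives its port from the exporter option, so the target can drift if the exporter port changes. Use `targets = [ "localhost:${toString config.services.prometheus.exporters.unpoller.port}" ];` for consistency with the `node` job. The empty `unpoller = { };` added under `services` sets nothing and can be dropped.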
@@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1755511413, - "narHash": "sha256-cBBF+nwGrSroN6ZewHPFaSThyCvwBxSZMdYEH8DxDx8=", + "lastModified": 1760084311, + "narHash": "sha256-YpNNtvA8v28Gd3/PHXCABuBWOzR0K8CyQPga13LxBH0=", "owner": "catppuccin", "repo": "nix", - "rev": "ca11a19d4e1d2ba5e6162f40cb71288551fd51dd", + "rev": "fa3a9d5f80ebfe7f4974bc1939f558690cc56359", "type": "github" }, "original": { @@ -86,7 +86,10 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": [ + "nixpkgs-xr", + "systems" + ] }, "locked": { "lastModified": 1731533236, @@ -131,11 +134,11 @@ ] }, "locked": { - "lastModified": 1755569926, - "narHash": "sha256-s7D28zPHlFWVZ7dDxm0L1o5+t423rMJUfgCMGUeyYSk=", + "lastModified": 1760130406, + "narHash": "sha256-GKMwBaFRw/C1p1VtjDz4DyhyzjKUWyi1K50bh8lgA2E=", "owner": "nix-community", "repo": "home-manager", - "rev": "c613ac14f5600033bf84ae75c315d5ce24a0229b", + "rev": "d305eece827a3fe317a2d70138f53feccaf890a1", "type": "github" }, "original": { @@ -174,11 +177,11 @@ "mobile-nixos": { "flake": false, "locked": { - "lastModified": 1754708713, - "narHash": "sha256-IzpB0REbJ10A8vZIXnrPoUXEHL4wq8xq2pAlwyiCNb4=", + "lastModified": 1759261417, + "narHash": "sha256-TjuoBb8+isL3KTdGgtYh90XPyeUMFbgNAOG9l23CB3A=", "owner": "nixos", "repo": "mobile-nixos", - "rev": "b23f377ed5c458216591bd19c232cb45b2c3f365", + "rev": "e6f6d527bf6abf94dd52fbba3143a720cef96431", "type": "github" }, "original": { @@ -189,11 +192,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1755330281, - "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", + "lastModified": 1760106635, + "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", "owner": "Nixos", "repo": "nixos-hardware", - "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", + "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", "type": "github" }, "original": { 
@@ -205,11 +208,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755027561, - "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", + "lastModified": 1759831965, + "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", + "rev": "c9b6fb798541223bbb396d287d16f43520250518", "type": "github" }, "original": { @@ -256,14 +259,15 @@ "flake-compat": "flake-compat_2", "flake-utils": "flake-utils", "nixpkgs": "nixpkgs_3", + "systems": "systems", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1755566862, - "narHash": "sha256-x25ELwy7HytGyVfkJ360omF5+5k5JUAw5YeG5pVMTEc=", + "lastModified": 1760059371, + "narHash": "sha256-VoyVxOb3maiV8ybnaCd4Zalfqz4ashIrz2pfhK704mI=", "owner": "nix-community", "repo": "nixpkgs-xr", - "rev": "f2492718d5552951e85a89448647564ebcde7146", + "rev": "6cb9cca13659e5d5c4e4a42d7f9cd7b9eecc730b", "type": "github" }, "original": { @@ -274,11 +278,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1760038930, + "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3", "type": "github" }, "original": { @@ -290,11 +294,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1759831965, + "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "c9b6fb798541223bbb396d287d16f43520250518", "type": "github" }, "original": { 
@@ -366,16 +370,16 @@ }, "systems": { "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default", + "repo": "default-linux", "type": "github" } }, @@ -387,11 +391,11 @@ ] }, "locked": { - "lastModified": 1754847726, - "narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=", + "lastModified": 1758728421, + "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408", + "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1", "type": "github" }, "original": {