From 718128596f9e493dc5a3e7ad80a8ee19d403b44b Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Sat, 18 Jan 2025 00:25:18 +0100 Subject: [PATCH] feat: add declarative status page --- lon.lock | 4 ++-- machines/biblios/garage.nix | 31 ++++++++++++++++++++++++++++++ machines/core-security/default.nix | 4 ++-- machines/gustave/nsd.nix | 26 ++----------------------- machines/lambda/uptime-kuma.nix | 17 +++++++++++----- machines/tower/default.nix | 7 ++++--- modules/jackett/default.nix | 4 ++++ modules/meta/default.nix | 24 ++++++++++++++++++++--- modules/nginx/default.nix | 4 +++- profiles/base.nix | 20 +++++++++++++++++++ 10 files changed, 101 insertions(+), 40 deletions(-)
diff --git a/lon.lock b/lon.lock
index 2a23845..786070e 100644
--- a/lon.lock
+++ b/lon.lock
@@ -175,9 +175,9 @@
 "type": "Git",
 "fetchType": "git",
 "branch": "truly-deterministic",
- "revision": "caf3169829647809805caaf968c8c0d4015ef187",
+ "revision": "78564e5f2c4fad5175f709560e6ee75d30115b22",
 "url": "https://git.dgnum.eu/Luj/stateless-uptime-kuma.git",
- "hash": "sha256-tux43mzd1rrlpTEhcQ9PiJBse9+SGEcWY/9F8cxX+Po=",
+ "hash": "sha256-I5uHrQvwKvJMFSOJfEZRZyc5ZElD0tCGfFVDaBfcLNM=",
 "submodules": false
 },
 "unstable": {
diff --git a/machines/biblios/garage.nix b/machines/biblios/garage.nix
index 0e91378..8c59865 100644
--- a/machines/biblios/garage.nix
+++ b/machines/biblios/garage.nix
@@ -68,4 +68,35 @@ in config.machine.meta.ips.public.ipv6 ]; + machine.meta.probes.monitors."s3.luj.fr - IPv4".accepted_statuscodes = [ "403" ]; + machine.meta.probes.monitors."s3.luj.fr - IPv6".accepted_statuscodes = [ "403" ]; + + machine.meta.probes.monitors."cdn.luj.fr - IPv4".accepted_statuscodes = [ "404" ]; + machine.meta.probes.monitors."cdn.luj.fr - IPv6".accepted_statuscodes = [ "404" ]; + + machine.meta.probes.monitors = { + "luj.fr - IPv4" = { + url = "https://${config.machine.meta.ips.public.ipv4}"; + type = "http"; + accepted_statuscodes = [ "200-299" ]; + notificationIDList = [ 1 ]; + headers = '' + { + "Host": "luj.fr" + } + ''; + }; + "luj.fr - IPv6" = { + url = "https://[${config.machine.meta.ips.public.ipv6}]"; + type = "http"; + accepted_statuscodes = [ "200-299" ]; + notificationIDList = [ 1 ]; + headers = '' + { + "Host": "luj.fr" + } + ''; + }; + }; + } diff --git a/machines/core-security/default.nix b/machines/core-security/default.nix index 42e9f83..11d956b 100644 --- a/machines/core-security/default.nix +++ b/machines/core-security/default.nix @@ -122,8 +122,8 @@ security.acme.certs."ca.luj".server = lib.mkForce "https://127.0.0.1:8444/acme/acme/directory"; - machine.meta.monitors."ca.luj - IPv4".url = lib.mkForce "https://100.100.45.14/health"; - machine.meta.monitors."ca.luj - IPv6".url = lib.mkForce "https://[fd7a:115c:a1e0::e]/health"; + machine.meta.probes.monitors."ca.luj - IPv4".url = lib.mkForce "https://100.100.45.14/health"; + machine.meta.probes.monitors."ca.luj - IPv6".url = lib.mkForce "https://[fd7a:115c:a1e0::e]/health"; systemd.services."step-ca".after = [ "keycloak.service" ]; diff --git a/machines/gustave/nsd.nix b/machines/gustave/nsd.nix index ef7d966..9165346 100644 --- a/machines/gustave/nsd.nix +++ b/machines/gustave/nsd.nix 
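Review bot: `notificationIDList = [ 1 ]` on both luj.fr monitors hardcodes an Uptime Kuma notification by its database id, and the same literal is repeated in the two monitor templates of modules/nginx/default.nix; that id is an artifact of the target instance, so a reinstall or a second notification channel would misroute or drop alerts with no evaluation-time error. Since this commit also introduces a `machine.meta.probes.notifications` option, the id could be derived from that, or at least kept as one shared constant in modules/meta that every monitor references. The two luj.fr entries also differ only in the bracketed IPv6 URL; the `type`/`accepted_statuscodes`/`notificationIDList`/`headers` body could be a single `let` binding each entry extends with `//`.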
@@ -101,30 +101,8 @@ lib.mkMerge [ networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [ 53 ]; - machine.meta.zones."luj.fr".TXT = [ "homepage.luj.luj-static.page" ]; - - machine.meta.monitors = { - "luj.fr - IPv4" = { - url = "https://${config.machine.meta.ips.public.ipv4}"; - type = "http"; - accepted_statuscodes = [ "200-299" ]; - headers = '' - { - "Host": "luj.fr" - } - ''; - }; - "luj.fr - IPv6" = { - url = "https://[${config.machine.meta.ips.public.ipv6}]"; - type = "http"; - accepted_statuscodes = [ "200-299" ]; - headers = '' - { - "Host": "luj.fr" - } - ''; - }; - }; + # Page server disabled for now + #machine.meta.zones."luj.fr".TXT = [ "homepage.luj.luj-static.page" ]; } diff --git a/machines/lambda/uptime-kuma.nix b/machines/lambda/uptime-kuma.nix index 1f16d6a..745dec4 100644 --- a/machines/lambda/uptime-kuma.nix +++ b/machines/lambda/uptime-kuma.nix @@ -8,15 +8,20 @@ }: let - probesFromConfig = lib.mkMerge ( - lib.mapAttrsToList (_: value: value.config.machine.meta.monitors) nixosConfigurations + monitorsFromConfig = lib.mkMerge ( + lib.mapAttrsToList (_: value: value.config.machine.meta.probes.monitors) nixosConfigurations ); + + pagesFromConfig = lib.mkMerge ( + lib.mapAttrsToList (_: value: value.config.machine.meta.probes.status_pages) nixosConfigurations + ); + in { services.uptime-kuma = { enable = true; - package = pkgs.uptime-kuma-beta; + package = pkgs.unstable.uptime-kuma; settings = { NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt"; }; 
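Review bot: The new `#machine.meta.zones."luj.fr".TXT = …` line keeps dead configuration in the file as a comment rather than a reviewable setting; the record is preserved in git history, so the line can be dropped, and if it is expected to return the comment should say what gates re-enabling it rather than just "disabled for now". The enclosing `lib.mkMerge [` element starts outside the hunk.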
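Review bot: `pagesFromConfig` folds `machine.meta.probes.status_pages` from every host through `lib.mkMerge`, and with the JSON option type that merges each host's `status_pages."public"` key by key: list values such as `publicGroupList` concatenate, while scalar values such as `title`, `description` and `showTags` must be identical on every host or evaluation fails with a conflicting-definition error. That holds today only because profiles/base.nix defines the page identically everywhere, which is an implicit contract worth stating above the binding, e.g. `# every host must define status_pages.<name> scalars identically; only publicGroupList entries are meant to differ per host`, or the page's scalar fields could be defined once here with hosts contributing groups only. The package also moves from `pkgs.uptime-kuma-beta` to `pkgs.unstable.uptime-kuma`, which presumably tracks the `unstable` input in lon.lock; worth confirming that is intended and not incidental to the lock update.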
@@ -31,14 +36,16 @@ in }; }; - age.secrets."stateless-uptime-kuma-password".file = ../../secrets/stateless-uptime-kuma-password.age; + age.secrets."stateless-uptime-kuma-password".file = + ../../secrets/stateless-uptime-kuma-password.age; nixpkgs.overlays = [ (import "${inputs.stateless-uptime-kuma}/overlay.nix") ]; statelessUptimeKuma = { enableService = true; - probesConfig.monitors = probesFromConfig; + probesConfig.monitors = monitorsFromConfig; + probesConfig.status_pages = pagesFromConfig; extraFlags = [ "-s" "-v DEBUG" diff --git a/machines/tower/default.nix b/machines/tower/default.nix index 95910f5..16c261b 100644 --- a/machines/tower/default.nix +++ b/machines/tower/default.nix @@ -60,7 +60,8 @@ services.openssh.enable = true; - programs.ssh.knownHosts."darwin-build-box.winter.cafe".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0io9E0eXiDIEHvsibXOxOPveSjUPIr1RnNKbUkw3fD"; + programs.ssh.knownHosts."darwin-build-box.winter.cafe".publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0io9E0eXiDIEHvsibXOxOPveSjUPIr1RnNKbUkw3fD"; services.nginx.virtualHosts."photos.julienmalka.me" = { enableACME = true; @@ -131,8 +132,8 @@ root = "/home/gitlab-runner/artifacts"; }; - machine.meta.monitors."phd.julienmalka.me - IPv4".accepted_statuscodes = [ "401" ]; - machine.meta.monitors."phd.julienmalka.me - IPv6".accepted_statuscodes = [ "401" ]; + machine.meta.probes.monitors."phd.julienmalka.me - IPv4".accepted_statuscodes = [ "401" ]; + machine.meta.probes.monitors."phd.julienmalka.me - IPv6".accepted_statuscodes = [ "401" ]; systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/home/gitlab-runner/artifacts" ]; diff --git a/modules/jackett/default.nix b/modules/jackett/default.nix index a0b7f2a..244e33f 100644 --- a/modules/jackett/default.nix +++ b/modules/jackett/default.nix 
@@ -45,6 +45,10 @@ in ); inherit (cfg) user group; }; + + machine.meta.probes.monitors."jackett.luj - IPv4".accepted_statuscodes = [ "400" ]; + machine.meta.probes.monitors."jackett.luj - IPv6".accepted_statuscodes = [ "400" ]; + } (mkIf cfg.nginx.enable (mkVPNSubdomain cfg.nginx.subdomain port)) diff --git a/modules/meta/default.nix b/modules/meta/default.nix index f440663..4a47888 100644 --- a/modules/meta/default.nix +++ b/modules/meta/default.nix @@ -43,9 +43,27 @@ default = with profiles; [ base ]; }; - monitors = mkOption { - default = { }; - type = types.attrsOf (pkgs.formats.json { }).type; + probes = { + monitors = lib.mkOption { + type = types.attrsOf (pkgs.formats.json { }).type; + default = { }; + }; + tags = lib.mkOption { + type = types.attrsOf (pkgs.formats.json { }).type; + default = { }; + }; + notifications = lib.mkOption { + type = types.attrsOf (pkgs.formats.json { }).type; + default = { }; + }; + status_pages = lib.mkOption { + type = types.attrsOf (pkgs.formats.json { }).type; + default = { }; + }; + settings = lib.mkOption { + type = types.attrsOf (pkgs.formats.json { }).type; + default = { }; + }; }; defaultInterface = mkOption { diff --git a/modules/nginx/default.nix b/modules/nginx/default.nix index aa2dd54..afafcbf 100644 --- a/modules/nginx/default.nix +++ b/modules/nginx/default.nix @@ -59,7 +59,7 @@ in ''; systemConfig = _: { - machine.meta.monitors = lib.mkIf (name != "default") { + machine.meta.probes.monitors = lib.mkIf (name != "default") { "${name} - IPv4" = { url = "https://${ if (hasSuffix "luj" name) then @@ -69,6 +69,7 @@ in }"; type = "http"; accepted_statuscodes = [ "200-299" ]; + notificationIDList = [ 1 ]; headers = '' { "Host": "${name}" @@ -84,6 +85,7 @@ in }]"; type = "http"; accepted_statuscodes = [ "200-299" ]; + notificationIDList = [ 1 ]; headers = '' { "Host": "${name}" diff --git a/profiles/base.nix b/profiles/base.nix index 2f50709..85d560f 100644 --- a/profiles/base.nix +++ b/profiles/base.nix 
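Review bot: The two `accepted_statuscodes` overrides for `jackett.luj - IPv4`/`IPv6` sit in the unconditional attrset, whereas the monitors they refine are presumably created by `mkVPNSubdomain` only under the `mkIf cfg.nginx.enable` element that follows; with nginx disabled this leaves partial monitor entries carrying only `accepted_statuscodes` and no `url`/`type`, which the exporter would then push as malformed probes. Gating them the same way avoids that: `(mkIf cfg.nginx.enable { machine.meta.probes.monitors."jackett.luj - IPv4".accepted_statuscodes = [ "400" ]; machine.meta.probes.monitors."jackett.luj - IPv6".accepted_statuscodes = [ "400" ]; })` as a further `mkMerge` element. The enclosing `mkMerge` list starts outside the hunk, so the structure is inferred from the closing `}` and the element that follows it.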
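Review bot: The five new `probes.*` options carry no `description`, and `tags`, `notifications` and `settings` are declared but nothing in this patch reads them — machines/lambda/uptime-kuma.nix wires only `monitors` and `status_pages` into `probesConfig` — so a host setting `machine.meta.probes.notifications` is silently ignored. Either wire all five into `probesConfig` in the same commit, or give each option a description stating whether the exporter consumes it yet, e.g. `description = "Uptime Kuma monitors for this host, merged into statelessUptimeKuma.probesConfig.monitors on lambda.";`. The new options also use `lib.mkOption` while the surrounding file (`defaultInterface = mkOption`) uses the bare `mkOption` already in scope; one form throughout would be more consistent.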
@@ -123,4 +123,24 @@ VfXtULncAiEA2gmqdr+ugFz5tvPdKwanroTiMTUMhhCRYVlQlyTApyQ= -----END CERTIFICATE-----'' ]; + + machine.meta.probes = { + status_pages."public" = { + title = "Public Services"; + description = "State of my public infrastructure"; + showTags = false; + publicGroupList = + lib.optionals ((builtins.length (lib.attrNames config.machine.meta.probes.monitors)) > 0) + [ + { + name = config.networking.hostName; + weight = 1; + monitorList = builtins.filter (e: (lib.hasInfix ".luj.fr" e) || !(lib.hasInfix ".luj" e)) ( + lib.attrNames config.machine.meta.probes.monitors + ); + } + ]; + }; + }; + }
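Review bot: The `monitorList` filter decides which monitors appear on the public status page by substring-matching the monitor name, `(e: (lib.hasInfix ".luj.fr" e) || !(lib.hasInfix ".luj" e))`, so every monitor is published unless its name happens to contain `.luj`; an internal service whose monitor is named without that suffix (or keyed by address) would be exposed on a page that is public by design, and the group `name = config.networking.hostName` already places every machine's hostname there, which may or may not be intended. A deny-by-default marker would be safer: an explicit per-monitor attribute, or a tag via the `machine.meta.probes.tags` option this commit introduces, with the filter selecting on that instead of on the name. Separately, `lib.optionals ((builtins.length (lib.attrNames config.machine.meta.probes.monitors)) > 0) [ { … } ]` reads more directly as `lib.optional (config.machine.meta.probes.monitors != { }) { … }`. The enclosing attrset starts outside the hunk.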