From a78b00035685377faa8e8c0c47a900f936031990 Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Sat, 2 Nov 2024 02:09:27 +0100
Subject: [PATCH] feat(lambda): init stateless uptime-kuma
---
 lib/mkmachine.nix | 4 ++
 lon.lock | 9 +++++
 machines/lambda/default.nix | 29 +------------
 machines/lambda/uptime-kuma.nix | 47 ++++++++++++++++++++++
 secrets/secrets.nix | 5 +++
 secrets/stateless-uptime-kuma-password.age | 10 +++++
 6 files changed, 76 insertions(+), 28 deletions(-)
 create mode 100644 machines/lambda/uptime-kuma.nix
 create mode 100644 secrets/stateless-uptime-kuma-password.age
diff --git a/lib/mkmachine.nix b/lib/mkmachine.nix
index b661add..16dc998 100644
--- a/lib/mkmachine.nix
+++ b/lib/mkmachine.nix
@@ -38,6 +38,7 @@ import "${nixpkgs}/nixos/lib/eval-config.nix" {
 (import inputs.lanzaboote).nixosModules.lanzaboote
 (import inputs.lila).nixosModules.hash-collection
 (import "${inputs.arkheon}/module.nix")
+ (import "${inputs.stateless-uptime-kuma}/nixos/module.nix")
 {
 home-manager.useGlobalPkgs = true;
 nixpkgs.system = system;
@@ -51,6 +52,9 @@ import "${nixpkgs}/nixos/lib/eval-config.nix" {
 # Packages comming from other repositories
 jackett = pkgs.callPackage ../packages/jackett { };
 lila-build-hook = (import inputs.lila).packages.${system}.utils;
+ statelessUptimeKuma =
+ pkgs.callPackage "${inputs.stateless-uptime-kuma}/stateless-uptime-kuma.nix"
+ { };
 # My own packages
 keycloak-keywind = prev.pkgs.callPackage ../packages/keycloak-keywind { };
 hydrasect = prev.pkgs.callPackage ../packages/hydrasect { };
diff --git a/lon.lock b/lon.lock
index 7c8c1be..31e7451 100644
--- a/lon.lock
+++ b/lon.lock
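Review bot: The added `(import "${inputs.stateless-uptime-kuma}/nixos/module.nix")` sits in the module list that mkmachine passes to eval-config, so, as far as this hunk shows, the third-party module is evaluated for every machine built through this helper while only `machines/lambda` uses it. If `inputs` is reachable from a machine's own configuration, importing the module from `machines/lambda/uptime-kuma.nix` would keep code fetched from git.dgnum.eu out of the other hosts' evaluation. Otherwise a comment such as `# only consumed by lambda (statelessUptimeKuma.*)` would record the intended scope. The module list starts and ends outside the hunk, so the existing convention may already settle this.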
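Review bot: The overlay attribute `statelessUptimeKuma` is camelCase between kebab-case neighbours (`lila-build-hook`, `keycloak-keywind`), which reads as an inconsistency unless the upstream module looks the package up under exactly that name. If it does (not visible here), say so above the binding, for example `# attribute name expected by stateless-uptime-kuma's NixOS module`, so a later rename does not silently break the service. The overlay itself opens and closes outside the hunk.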
@@ -180,6 +180,15 @@
 "url": "https://github.com/nixos/nixpkgs/archive/32e940c7c420600ef0d1ef396dc63b04ee9cad37.tar.gz",
 "hash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac="
 },
+ "stateless-uptime-kuma": {
+ "type": "Git",
+ "fetchType": "git",
+ "branch": "master",
+ "revision": "880f444ff7862d6127b051cf1a993ad1585b1652",
+ "url": "https://git.dgnum.eu/DGNum/stateless-uptime-kuma.git",
+ "hash": "sha256-l9fgwesnmFxasCaYUCD7L9bGGJXytLuwtx3CZMgpwJg=",
+ "submodules": false
+ },
 "unstable": {
 "type": "GitHub",
 "fetchType": "tarball",
diff --git a/machines/lambda/default.nix b/machines/lambda/default.nix
index c032072..400b80c 100644
--- a/machines/lambda/default.nix
+++ b/machines/lambda/default.nix
@@ -10,6 +10,7 @@
 ./hardware.nix
 ./home-julien.nix
 ./arkheon.nix
+ ./uptime-kuma.nix
 ];
 machine.meta = {
@@ -41,14 +42,6 @@
 luj.nginx.enable = true;
- services.uptime-kuma = {
- enable = true;
- package = pkgs.unstable.uptime-kuma;
- settings = {
- NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt";
- };
- };
-
 services.ntfy-sh = {
 enable = true;
 package = pkgs.unstable.ntfy-sh;
@@ -62,26 +55,6 @@
 };
 };
- services.nginx.virtualHosts."status.julienmalka.me" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:3001";
- proxyWebsockets = true;
- };
- };
-
- security.acme.certs."uptime.luj".server = "https://ca.luj/acme/acme/directory";
-
- services.nginx.virtualHosts."uptime.luj" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:3001";
- proxyWebsockets = true;
- };
- };
-
 services.nginx.virtualHosts."notifications.julienmalka.me" = {
 forceSSL = true;
 enableACME = true;
diff --git a/machines/lambda/uptime-kuma.nix b/machines/lambda/uptime-kuma.nix
new file mode 100644
index 0000000..595b62d
--- /dev/null
+++ b/machines/lambda/uptime-kuma.nix
@@ -0,0 +1,47 @@
+{ pkgs, config, ... }:
+{
+
+ services.uptime-kuma = {
+ enable = true;
+ package = pkgs.unstable.uptime-kuma;
+ settings = {
+ NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt";
+ };
+ };
+
+ services.nginx.virtualHosts."status.julienmalka.me" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:3001";
+ proxyWebsockets = true;
+ };
+ };
+
+ age.secrets."stateless-uptime-kuma-password".file = ../../secrets/stateless-uptime-kuma-password.age;
+ statelessUptimeKuma = {
+ enableService = true;
+ probesConfig = {
+ monitors = {
+ "mdr" = {
+ url = "https://82.67.34.230";
+ keyword = "Ulm";
+ type = "keyword";
+ accepted_statuscodes = [ "200-299" ];
+ headers = ''
+ {
+ "Host": "julienmalka.me"
+ }
+ '';
+ };
+ };
+ };
+
+ extraFlags = [ "-s" ];
+
+ host = "http://localhost:${builtins.toString 3001}/";
+ username = "Julien";
+ passwordFile = config.age.secrets."stateless-uptime-kuma-password".path;
+ };
+
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index f94bdc1..485c070 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -101,4 +101,9 @@ in
 tower
 gustave
 ];
+ "stateless-uptime-kuma-password.age".publicKeys = [
+ gallifrey
+ tower
+ lambda
+ ];
 }
diff --git a/secrets/stateless-uptime-kuma-password.age b/secrets/stateless-uptime-kuma-password.age
new file mode 100644
index 0000000..c06bea2
--- /dev/null
+++ b/secrets/stateless-uptime-kuma-password.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 u3yXZQ tmFNbSWWcoA7Z/TvAaeodP8U7IqoMUDeUgEuueV3ugE
+MmrD0NCtXoLR8GAwexcdN0dcGvyjdRgSMmz9Rt05b5A
+-> ssh-ed25519 AqX2tg 0fjjaaTdxHyaUHLhaMoR89FrWHxsJ+iJP9HjYePyJEk
+t8T8TEnqSrDneiblrTxOPA1OiDMrB3/o36JqXwanlTo
+-> ssh-ed25519 xaddyw 52IFyDb+AaTJAlwItAxNwXw230RBssaIdiZL0rm+/SQ
+C9pqrsqtNvaqSW4VPcW0+MsNfYz+GDu4UqP497vWtAA
+--- O28WnFNZwT2ExTac5bu7LVtbaW/ZVI4acdM5u0lVnV4
+¥›’äÉЇhW2K#ƯYꋤ ÉUž—»¦%ú¨¦
+Nî×XòË iX¢F›2Ù¿§Kð¿$fd
\ No newline at end of file
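Review bot: The `mdr` monitor requests `https://82.67.34.230` and only overrides the `Host` header, so the certificate served for julienmalka.me cannot match the name the client connects to; unless that certificate carries the IP as a SAN, the probe either fails TLS verification or passes only with verification disabled, in which case it no longer notices an expired or wrong certificate. A comment stating why the check goes by IP, plus a second monitor on `https://julienmalka.me` with normal verification, would cover both cases. The file re-creates only the `status.julienmalka.me` vhost: the `uptime.luj` vhost and the `security.acme.certs."uptime.luj".server` line removed from default.nix are not carried over, which the commit message should state if it is intended. `passwordFile` points at the agenix path with no `owner` or `mode` set on the secret, so confirm that the account the stateless-uptime-kuma unit runs as can read it. Port 3001 is written twice (`proxyPass` and `host`, where `builtins.toString 3001` adds nothing over the literal), and a single `let port = 3001;` would keep the two in step.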
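Review bot: The new secret is encrypted to `gallifrey`, `tower` and `lambda`, yet in this commit only lambda's configuration reads `stateless-uptime-kuma-password.age`. If the other two are the keys used to edit and rekey secrets, a short comment on the list would make that explicit; if they are ordinary hosts, dropping them keeps the monitoring account's password decryptable by the one machine that needs it. The attribute set begins outside the hunk, so the roles of these keys cannot be confirmed from here.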