lon.lock

@@ -81,6 +81,16 @@
       "url": "https://github.com/nix-community/home-manager/archive/fc52a210b60f2f52c74eac41a8647c1573d2071d.tar.gz",
       "hash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE="
     },
+    "homepage": {
+      "type": "GitHub",
+      "fetchType": "tarball",
+      "owner": "JulienMalka",
+      "repo": "homepage",
+      "branch": "main",
+      "revision": "29e779d8600b1c1e6235570a3614a54f8ec8126e",
+      "url": "https://github.com/JulienMalka/homepage/archive/29e779d8600b1c1e6235570a3614a54f8ec8126e.tar.gz",
+      "hash": "sha256-YuwHCXEbrzuEyRy1/2bX4Rux/nqmzRZ8H44+83JQNV8="
+    },
     "impermanence": {
       "type": "GitHub",
       "fetchType": "tarball",
@@ -165,9 +175,9 @@
       "type": "Git",
       "fetchType": "git",
       "branch": "truly-deterministic",
-      "revision": "78564e5f2c4fad5175f709560e6ee75d30115b22",
+      "revision": "caf3169829647809805caaf968c8c0d4015ef187",
       "url": "https://git.dgnum.eu/Luj/stateless-uptime-kuma.git",
-      "hash": "sha256-I5uHrQvwKvJMFSOJfEZRZyc5ZElD0tCGfFVDaBfcLNM=",
+      "hash": "sha256-tux43mzd1rrlpTEhcQ9PiJBse9+SGEcWY/9F8cxX+Po=",
       "submodules": false
     },
     "unstable": {

machines/biblios/garage.nix

@@ -68,35 +68,4 @@ in
     config.machine.meta.ips.public.ipv6
   ];
 
-  machine.meta.probes.monitors."s3.luj.fr - IPv4".accepted_statuscodes = [ "403" ];
-  machine.meta.probes.monitors."s3.luj.fr - IPv6".accepted_statuscodes = [ "403" ];
-
-  machine.meta.probes.monitors."cdn.luj.fr - IPv4".accepted_statuscodes = [ "404" ];
-  machine.meta.probes.monitors."cdn.luj.fr - IPv6".accepted_statuscodes = [ "404" ];
-
-  machine.meta.probes.monitors = {
-    "luj.fr - IPv4" = {
-      url = "https://${config.machine.meta.ips.public.ipv4}";
-      type = "http";
-      accepted_statuscodes = [ "200-299" ];
-      notificationIDList = [ 1 ];
-      headers = ''
-        {
-          "Host": "luj.fr"
-        }
-      '';
-    };
-    "luj.fr - IPv6" = {
-      url = "https://[${config.machine.meta.ips.public.ipv6}]";
-      type = "http";
-      accepted_statuscodes = [ "200-299" ];
-      notificationIDList = [ 1 ];
-      headers = ''
-        {
-          "Host": "luj.fr"
-        }
-      '';
-    };
-  };
-
 }

machines/core-security/default.nix

@@ -122,8 +122,8 @@
 
   security.acme.certs."ca.luj".server = lib.mkForce "https://127.0.0.1:8444/acme/acme/directory";
 
-  machine.meta.probes.monitors."ca.luj - IPv4".url = lib.mkForce "https://100.100.45.14/health";
+  machine.meta.monitors."ca.luj - IPv4".url = lib.mkForce "https://100.100.45.14/health";
-  machine.meta.probes.monitors."ca.luj - IPv6".url = lib.mkForce "https://[fd7a:115c:a1e0::e]/health";
+  machine.meta.monitors."ca.luj - IPv6".url = lib.mkForce "https://[fd7a:115c:a1e0::e]/health";
 
   systemd.services."step-ca".after = [ "keycloak.service" ];
 

machines/gustave/nsd.nix

@@ -101,8 +101,30 @@ lib.mkMerge [
     networking.firewall.allowedUDPPorts = [ 53 ];
     networking.firewall.allowedTCPPorts = [ 53 ];
 
-    # Page server disabled for now
+    machine.meta.zones."luj.fr".TXT = [ "homepage.luj.luj-static.page" ];
-    #machine.meta.zones."luj.fr".TXT = [ "homepage.luj.luj-static.page" ];
+
+    machine.meta.monitors = {
+      "luj.fr - IPv4" = {
+        url = "https://${config.machine.meta.ips.public.ipv4}";
+        type = "http";
+        accepted_statuscodes = [ "200-299" ];
+        headers = ''
+          {
+            "Host": "luj.fr"
+          }
+        '';
+      };
+      "luj.fr - IPv6" = {
+        url = "https://[${config.machine.meta.ips.public.ipv6}]";
+        type = "http";
+        accepted_statuscodes = [ "200-299" ];
+        headers = ''
+          {
+            "Host": "luj.fr"
+          }
+        '';
+      };
+    };
 
   }
 

machines/lambda/uptime-kuma.nix

@@ -8,20 +8,15 @@
 }:
 let
 
-  monitorsFromConfig = lib.mkMerge (
+  probesFromConfig = lib.mkMerge (
-    lib.mapAttrsToList (_: value: value.config.machine.meta.probes.monitors) nixosConfigurations
+    lib.mapAttrsToList (_: value: value.config.machine.meta.monitors) nixosConfigurations
   );
-
-  pagesFromConfig = lib.mkMerge (
-    lib.mapAttrsToList (_: value: value.config.machine.meta.probes.status_pages) nixosConfigurations
-  );
-
 in
 {
 
   services.uptime-kuma = {
     enable = true;
-    package = pkgs.unstable.uptime-kuma;
+    package = pkgs.uptime-kuma-beta;
     settings = {
       NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt";
     };
@@ -36,16 +31,14 @@ in
     };
   };
 
-  age.secrets."stateless-uptime-kuma-password".file =
+  age.secrets."stateless-uptime-kuma-password".file = ../../secrets/stateless-uptime-kuma-password.age;
-    ../../secrets/stateless-uptime-kuma-password.age;
   nixpkgs.overlays = [
     (import "${inputs.stateless-uptime-kuma}/overlay.nix")
   ];
 
   statelessUptimeKuma = {
     enableService = true;
-    probesConfig.monitors = monitorsFromConfig;
+    probesConfig.monitors = probesFromConfig;
-    probesConfig.status_pages = pagesFromConfig;
     extraFlags = [
       "-s"
       "-v DEBUG"

machines/tower/default.nix

@@ -60,8 +60,7 @@
 
   services.openssh.enable = true;
 
-  programs.ssh.knownHosts."darwin-build-box.winter.cafe".publicKey =
+  programs.ssh.knownHosts."darwin-build-box.winter.cafe".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0io9E0eXiDIEHvsibXOxOPveSjUPIr1RnNKbUkw3fD";
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0io9E0eXiDIEHvsibXOxOPveSjUPIr1RnNKbUkw3fD";
 
   services.nginx.virtualHosts."photos.julienmalka.me" = {
     enableACME = true;
@@ -132,8 +131,8 @@
     root = "/home/gitlab-runner/artifacts";
   };
 
-  machine.meta.probes.monitors."phd.julienmalka.me - IPv4".accepted_statuscodes = [ "401" ];
+  machine.meta.monitors."phd.julienmalka.me - IPv4".accepted_statuscodes = [ "401" ];
-  machine.meta.probes.monitors."phd.julienmalka.me - IPv6".accepted_statuscodes = [ "401" ];
+  machine.meta.monitors."phd.julienmalka.me - IPv6".accepted_statuscodes = [ "401" ];
 
   systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
   systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/home/gitlab-runner/artifacts" ];

modules/homepage/default.nix

@@ -1,5 +1,6 @@
 {
   lib,
+  inputs,
   config,
   ...
 }:
@@ -17,11 +18,7 @@ in
     services.nginx.virtualHosts."julienmalka.me" = {
       enableACME = true;
       forceSSL = true;
-      locations."/" = {
+      root = inputs.homepage;
-        extraConfig = ''
-          return 301 https://luj.fr$request_uri;
-        '';
-      };
     };
   };
 }

modules/jackett/default.nix

@@ -45,10 +45,6 @@ in
         );
         inherit (cfg) user group;
       };
-
-      machine.meta.probes.monitors."jackett.luj - IPv4".accepted_statuscodes = [ "400" ];
-      machine.meta.probes.monitors."jackett.luj - IPv6".accepted_statuscodes = [ "400" ];
-
     }
 
     (mkIf cfg.nginx.enable (mkVPNSubdomain cfg.nginx.subdomain port))

modules/meta/default.nix

@@ -43,27 +43,9 @@
               default = with profiles; [ base ];
             };
 
-            probes = {
+            monitors = mkOption {
-              monitors = lib.mkOption {
+              default = { };
-                type = types.attrsOf (pkgs.formats.json { }).type;
+              type = types.attrsOf (pkgs.formats.json { }).type;
-                default = { };
-              };
-              tags = lib.mkOption {
-                type = types.attrsOf (pkgs.formats.json { }).type;
-                default = { };
-              };
-              notifications = lib.mkOption {
-                type = types.attrsOf (pkgs.formats.json { }).type;
-                default = { };
-              };
-              status_pages = lib.mkOption {
-                type = types.attrsOf (pkgs.formats.json { }).type;
-                default = { };
-              };
-              settings = lib.mkOption {
-                type = types.attrsOf (pkgs.formats.json { }).type;
-                default = { };
-              };
             };
 
             defaultInterface = mkOption {

modules/nginx/default.nix

@@ -59,7 +59,7 @@ in
               '';
 
               systemConfig = _: {
-                machine.meta.probes.monitors = lib.mkIf (name != "default") {
+                machine.meta.monitors = lib.mkIf (name != "default") {
                   "${name} - IPv4" = {
                     url = "https://${
                       if (hasSuffix "luj" name) then
@@ -69,7 +69,6 @@ in
                     }";
                     type = "http";
                     accepted_statuscodes = [ "200-299" ];
-                    notificationIDList = [ 1 ];
                     headers = ''
                       {
                         "Host": "${name}"
@@ -85,7 +84,6 @@ in
                     }]";
                     type = "http";
                     accepted_statuscodes = [ "200-299" ];
-                    notificationIDList = [ 1 ];
                     headers = ''
                       {
                         "Host": "${name}"

profiles/base.nix

@@ -123,24 +123,4 @@
       VfXtULncAiEA2gmqdr+ugFz5tvPdKwanroTiMTUMhhCRYVlQlyTApyQ=
       -----END CERTIFICATE-----''
   ];
-
-  machine.meta.probes = {
-    status_pages."public" = {
-      title = "Public Services";
-      description = "State of my public infrastructure";
-      showTags = false;
-      publicGroupList =
-        lib.optionals ((builtins.length (lib.attrNames config.machine.meta.probes.monitors)) > 0)
-          [
-            {
-              name = config.networking.hostName;
-              weight = 1;
-              monitorList = builtins.filter (e: (lib.hasInfix ".luj.fr" e) || !(lib.hasInfix ".luj" e)) (
-                lib.attrNames config.machine.meta.probes.monitors
-              );
-            }
-          ];
-    };
-  };
-
 }