feat(luj.fr): add monitor

machines/core-data/default.nix

@@ -19,6 +19,7 @@
     profiles = with profiles; [
       vm-simple-network
       server
+      behind-sniproxy
     ];
     ips = {
       public.ipv4 = "82.67.34.230";

machines/core-security/default.nix

@@ -121,6 +121,9 @@
 
   security.acme.certs."ca.luj".server = lib.mkForce "https://127.0.0.1:8444/acme/acme/directory";
 
+  machine.meta.monitors."ca.luj - IPv4".url = lib.mkForce "https://100.100.45.14/health";
+  machine.meta.monitors."ca.luj - IPv6".url = lib.mkForce "https://[fd7a:115c:a1e0::e]/health";
+
   systemd.services."step-ca".after = [ "keycloak.service" ];
 
   # TODO: Remove when keycloak is update in stable channel

machines/gustave/default.nix

@@ -145,7 +145,7 @@
   luj.mediaserver = {
     enable = true;
     tv.enable = true;
-    music.enable = true;
+    music.enable = false;
   };
   luj.deluge.interface = "wg0";
 

machines/gustave/nsd.nix

@@ -105,6 +105,29 @@ lib.mkMerge [
     machine.meta.zones."luj.fr".AAAA = [ config.machine.meta.ips.public.ipv6 ];
     machine.meta.zones."luj.fr".TXT = [ "homepage.luj.luj-static.page" ];
 
+    machine.meta.monitors = {
+      "luj.fr - IPv4" = {
+        url = "https://${config.machine.meta.ips.public.ipv4}";
+        type = "http";
+        accepted_statuscodes = [ "200-299" ];
+        headers = ''
+          {
+            "Host": "luj.fr"
+          }
+        '';
+      };
+      "luj.fr - IPv6" = {
+        url = "https://${config.machine.meta.ips.public.ipv6}";
+        type = "http";
+        accepted_statuscodes = [ "200-299" ];
+        headers = ''
+          {
+            "Host": "luj.fr"
+          }
+        '';
+      };
+    };
+
   }
 
   # DNS Records from all non local configurations are exported here

machines/lambda/uptime-kuma.nix

@@ -1,9 +1,17 @@
 {
   pkgs,
+  lib,
+  nixosConfigurations,
   config,
   inputs,
   ...
 }:
+let
+
+  probesFromConfig = lib.mkMerge (
+    lib.mapAttrsToList (_: value: value.config.machine.meta.monitors) nixosConfigurations
+  );
+in
 {
 
   services.uptime-kuma = {
@@ -30,6 +38,7 @@
 
   statelessUptimeKuma = {
     enableService = true;
+    probesConfig.monitors = probesFromConfig;
     extraFlags = [
       "-s"
       "-v DEBUG"

machines/tower/default.nix

@@ -133,6 +133,9 @@
     root = "/home/gitlab-runner/artifacts";
   };
 
+  machine.meta.monitors."phd.julienmalka.me - IPv4".accepted_statuscodes = [ "401" ];
+  machine.meta.monitors."phd.julienmalka.me - IPv6".accepted_statuscodes = [ "401" ];
+
   systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
   systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/home/gitlab-runner/artifacts" ];
 

modules/meta/default.nix

@@ -1,4 +1,9 @@
-{ lib, profiles, ... }:
+{
+  pkgs,
+  lib,
+  profiles,
+  ...
+}:
 {
   options.machine.meta = lib.mkOption {
     description = "Machine metadata";
@@ -38,6 +43,11 @@
               default = with profiles; [ base ];
             };
 
+            monitors = mkOption {
+              default = { };
+              type = types.attrsOf (pkgs.formats.json { }).type;
+            };
+
             defaultInterface = mkOption {
               description = "default interface of the machine";
               default = "ens18";

modules/nginx/default.nix

@@ -59,7 +59,7 @@ in
               '';
 
               systemConfig = _: {
-                statelessUptimeKuma.probesConfig.monitors = lib.mkIf (name != "default") {
+                machine.meta.monitors = lib.mkIf (name != "default") {
                   "${name} - IPv4" = {
                     url = "https://${
                       if (hasSuffix "luj" name) then
@@ -167,7 +167,6 @@ in
     ];
 
     machine = mergeSub (c: c.machine);
-    statelessUptimeKuma = mergeSub (c: c.statelessUptimeKuma);
 
   };
 }