From 116bb898e722075af0299adeeadd2af09b4916bb Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Fri, 13 Dec 2024 21:22:49 +0100
Subject: [PATCH 1/4] chore(gustave/songs): disable

---
 machines/gustave/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/machines/gustave/default.nix b/machines/gustave/default.nix
index 692be2b..26a6267 100644
--- a/machines/gustave/default.nix
+++ b/machines/gustave/default.nix
@@ -145,7 +145,7 @@
 luj.mediaserver = {
 enable = true;
 tv.enable = true;
- music.enable = true;
+ music.enable = false;
 };
 luj.deluge.interface = "wg0";

From 305070d9b11811efed29ccff9c5d75641a98da84 Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Fri, 13 Dec 2024 21:23:11 +0100
Subject: [PATCH 2/4] fix(chore-data): add behind-sniproxy profile

---
 machines/core-data/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/machines/core-data/default.nix b/machines/core-data/default.nix
index ea3eeaa..116251b 100644
--- a/machines/core-data/default.nix
+++ b/machines/core-data/default.nix
@@ -19,6 +19,7 @@
 profiles = with profiles; [
 vm-simple-network
 server
+ behind-sniproxy
 ];
 ips = {
 public.ipv4 = "82.67.34.230";

From 04f9dd2d7ca755f1a36b4c851aecee6717fd35c3 Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Fri, 13 Dec 2024 21:24:15 +0100
Subject: [PATCH 3/4] feat: finish stateless uptime kuma monitors configuration

---
 machines/core-security/default.nix | 3 +++
 machines/lambda/uptime-kuma.nix | 9 +++++++++
 machines/tower/default.nix | 3 +++
 modules/meta/default.nix | 12 +++++++++++-
 modules/nginx/default.nix | 3 +--
 5 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/machines/core-security/default.nix b/machines/core-security/default.nix
index 5cf363c..b231d2e 100644
--- a/machines/core-security/default.nix
+++ b/machines/core-security/default.nix
@@ -121,6 +121,9 @@
 security.acme.certs."ca.luj".server = lib.mkForce "https://127.0.0.1:8444/acme/acme/directory";
+ machine.meta.monitors."ca.luj - IPv4".url = lib.mkForce "https://100.100.45.14/health";
+ machine.meta.monitors."ca.luj - IPv6".url = lib.mkForce "https://[fd7a:115c:a1e0::e]/health";
+
 systemd.services."step-ca".after = [ "keycloak.service" ];
 # TODO: Remove when keycloak is update in stable channel
diff --git a/machines/lambda/uptime-kuma.nix b/machines/lambda/uptime-kuma.nix
index d2a0823..1f16d6a 100644
--- a/machines/lambda/uptime-kuma.nix
+++ b/machines/lambda/uptime-kuma.nix
@@ -1,9 +1,17 @@
 {
 pkgs,
+ lib,
+ nixosConfigurations,
 config,
 inputs,
 ...
 }:
+let
+
+ probesFromConfig = lib.mkMerge (
+ lib.mapAttrsToList (_: value: value.config.machine.meta.monitors) nixosConfigurations
+ );
+in
 {
 services.uptime-kuma = {
@@ -30,6 +38,7 @@
 statelessUptimeKuma = {
 enableService = true;
+ probesConfig.monitors = probesFromConfig;
 extraFlags = [
 "-s"
 "-v DEBUG"
diff --git a/machines/tower/default.nix b/machines/tower/default.nix
index 27b2ef5..818be9c 100644
--- a/machines/tower/default.nix
+++ b/machines/tower/default.nix
@@ -133,6 +133,9 @@
 root = "/home/gitlab-runner/artifacts";
 };
+ machine.meta.monitors."phd.julienmalka.me - IPv4".accepted_statuscodes = [ "401" ];
+ machine.meta.monitors."phd.julienmalka.me - IPv6".accepted_statuscodes = [ "401" ];
+
 systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
 systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/home/gitlab-runner/artifacts" ];
diff --git a/modules/meta/default.nix b/modules/meta/default.nix
index 16d0fd5..f440663 100644
--- a/modules/meta/default.nix
+++ b/modules/meta/default.nix
@@ -1,4 +1,9 @@
-{ lib, profiles, ... }:
+{
+ pkgs,
+ lib,
+ profiles,
+ ...
+}:
 {
 options.machine.meta = lib.mkOption {
 description = "Machine metadata";
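Review bot: The two `lib.mkForce` overrides on the ca.luj monitor URLs carry no comment saying why the probe must bypass the address the nginx module derives for this vhost and hit `/health` on 100.100.45.14 / [fd7a:115c:a1e0::e] directly, so a reader cannot tell whether this is a reachability workaround or the intended step-ca health endpoint. A one-line comment above the pair, such as `# probe step-ca's /health on its internal addresses instead of the public vhost` (reason to be confirmed by the author), would make that explicit. Overriding only `url` leaves whatever `headers` and `accepted_statuscodes` the nginx module sets for "ca.luj - IPv4"/"ca.luj - IPv6" in place, which is presumably intended but worth confirming, since a Host header meant for the vhost would still be sent to the health endpoint. Because the new URLs are IP literals, certificate validation by the probe depends on the certificate covering those addresses or on the probe's TLS settings, neither of which is visible here.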
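Review bot: `probesFromConfig` folds `machine.meta.monitors` from every entry of `nixosConfigurations` with `lib.mkMerge`, so two machines that export the same monitor name are merged attribute by attribute rather than rejected; a collision (for instance the same vhost name served by the nginx module on two hosts) would silently yield one monitor with mixed settings. A short comment above the binding would document the contract: `# Aggregate the monitors every machine exports through machine.meta.monitors; monitor names must be unique across machines.` If uniqueness matters, an assertion over the per-machine key sets would catch duplicates at evaluation time; whether the nginx module can actually produce the same name on two hosts is not visible in this hunk. Note also that this evaluates the `config` of every configuration, including this machine's own, whenever uptime-kuma's config is evaluated.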
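Review bot: Setting `accepted_statuscodes = [ "401" ]` on the two phd.julienmalka.me monitors is left unexplained, and whether it replaces or extends the codes the nginx module sets for this vhost depends on how `(pkgs.formats.json { }).type` merges two list definitions — if the lists are concatenated, the monitor accepts both the module's range and 401. A comment such as `# phd.julienmalka.me answers 401 to unauthenticated requests; treat that as healthy` (reason to be confirmed) would document the intent. If only 401 should count as healthy, `lib.mkForce [ "401" ]` makes the override explicit, as the ca.luj overrides in core-security already do for `url`.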
@@ -38,6 +43,11 @@
 default = with profiles; [ base ];
 };
+ monitors = mkOption {
+ default = { };
+ type = types.attrsOf (pkgs.formats.json { }).type;
+ };
+
 defaultInterface = mkOption {
 description = "default interface of the machine";
 default = "ens18";
diff --git a/modules/nginx/default.nix b/modules/nginx/default.nix
index 498a084..aa2dd54 100644
--- a/modules/nginx/default.nix
+++ b/modules/nginx/default.nix
@@ -59,7 +59,7 @@ in
 '';
 systemConfig = _: {
- statelessUptimeKuma.probesConfig.monitors = lib.mkIf (name != "default") {
+ machine.meta.monitors = lib.mkIf (name != "default") {
 "${name} - IPv4" = {
 url = "https://${
 if (hasSuffix "luj" name) then
@@ -167,7 +167,6 @@ in
 ];
 machine = mergeSub (c: c.machine);
- statelessUptimeKuma = mergeSub (c: c.statelessUptimeKuma);
 };
 }

From 7fad180d174a9c189ab8d9cee89b24efe71c3e7e Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Fri, 13 Dec 2024 21:27:45 +0100
Subject: [PATCH 4/4] feat(luj.fr): add monitor

---
 machines/gustave/nsd.nix | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/machines/gustave/nsd.nix b/machines/gustave/nsd.nix
index a541af7..f3ec84f 100644
--- a/machines/gustave/nsd.nix
+++ b/machines/gustave/nsd.nix
@@ -105,6 +105,29 @@ lib.mkMerge [
 machine.meta.zones."luj.fr".AAAA = [ config.machine.meta.ips.public.ipv6 ];
 machine.meta.zones."luj.fr".TXT = [ "homepage.luj.luj-static.page" ];
+ machine.meta.monitors = {
+ "luj.fr - IPv4" = {
+ url = "https://${config.machine.meta.ips.public.ipv4}";
+ type = "http";
+ accepted_statuscodes = [ "200-299" ];
+ headers = ''
+ {
+ "Host": "luj.fr"
+ }
+ '';
+ };
+ "luj.fr - IPv6" = {
+ url = "https://${config.machine.meta.ips.public.ipv6}";
+ type = "http";
+ accepted_statuscodes = [ "200-299" ];
+ headers = ''
+ {
+ "Host": "luj.fr"
+ }
+ '';
+ };
+ };
+
 }
 # DNS Records from all non local configurations are exported here
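Review bot: The new `monitors` option has no `description`, unlike its sibling `defaultInterface` a few lines below, and `types.attrsOf (pkgs.formats.json { }).type` accepts any JSON, so a misspelled monitor field (e.g. `accepted_statuscode`) evaluates cleanly and only shows up as an ignored setting in Uptime Kuma. Adding `description = "Uptime Kuma monitor definitions exported by this machine, keyed by monitor name";` keeps the option documented in the generated manual. If the field set is stable — the rest of this series uses `url`, `type`, `accepted_statuscodes` and `headers` — a `types.submodule` with `freeformType` set to the JSON type would validate those common fields while keeping the flexibility.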
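Review bot: The IPv6 monitor interpolates the bare address, `url = "https://${config.machine.meta.ips.public.ipv6}";`, which is not a valid URL because an IPv6 literal in a URL authority must be bracketed — the same value is used unbracketed for the AAAA record two lines above, and the ca.luj override in core-security does bracket its address. The line should read `url = "https://[${config.machine.meta.ips.public.ipv6}]";`. The two monitor bodies are otherwise identical apart from the address, so a small helper `mkMonitor = addr: { url = "https://${addr}"; ... }` would remove the duplication, and `headers = builtins.toJSON { Host = "luj.fr"; }` would avoid hand-writing JSON inside a Nix string. The enclosing `lib.mkMerge [` list starts before the hunk.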