Laurent/infrastructure
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

🚚 (cesium) rename <thing>/default.nix to thing.nix

Browse source 
 (cesium) add back gatus service
This commit is contained in:
Laureηt 2024-10-06 16:24:21 +02:00
parent 760a8c9ae5
commit c70e047c9f
Signed by: Laurent
SSH key fingerprint: SHA256:pb5NrYg80So5z9hmqQFPmp//sgr+DFeJkKhmGyU2NLk
16 changed files with 254 additions and 213 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
hosts/cesium/services/acme/default.nix → hosts/cesium/services/acme.nix
View file

0
hosts/cesium/services/atuin/default.nix → hosts/cesium/services/atuin.nix
View file

17
hosts/cesium/services/default.nix
View file

@ -1,18 +1,11 @@
{...}: {
imports = [
./acme
./atuin
# ./gatus
./gitea
./nginx
./ssh
./acme.nix
./atuin.nix
./fail2ban.nix
./gatus.nix
./gitea.nix
./ssh.nix
];
networking.firewall = {
allowedTCPPorts = [
80 # http
443 # https / tls
];
};
}

233
hosts/cesium/services/gatus.nix Normal file
View file

@ -0,0 +1,233 @@
{...}: {
services.gatus = {
enable = true;
settings = {
web.port = 2020;
endpoints = [
{
name = "fainsin.bzh";
url = "https://fainsin.bzh";
interval = "6h";
conditions = [
"[DOMAIN_EXPIRATION] > 720h"
];
}
{
name = "laurent.fainsin.bzh";
group = "web";
url = "https://laurent.fainsin.bzh";
interval = "5m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*<title>Laurent Fainsin</title>*)"
"[CERTIFICATE_EXPIRATION] > 240h"
];
}
{
name = "resume.laurent.fainsin.bzh";
group = "web";
url = "https://resume.laurent.fainsin.bzh";
interval = "5m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[CERTIFICATE_EXPIRATION] > 240h"
];
}
{
name = "git.fainsin.bzh";
group = "services";
url = "https://git.fainsin.bzh";
interval = "5m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[CERTIFICATE_EXPIRATION] > 240h"
"[BODY] == pat(*<title>Explore - Forgejo: Beyond coding. We Forge.</title>*)"
];
}
{
name = "atuin.fainsin.bzh";
group = "services";
url = "https://atuin.fainsin.bzh";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[CERTIFICATE_EXPIRATION] > 240h"
"[BODY].homage == pat(*Sir Terry Pratchett*)"
];
}
{
name = "status.fainsin.bzh";
group = "services";
url = "https://status.fainsin.bzh";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[CERTIFICATE_EXPIRATION] > 240h"
"[BODY] == pat(*<title>Health Dashboard | Gatus</title>*)"
];
}
{
name = "n7.laurent.fainsin.bzh";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh";
interval = "15m";
conditions = [
"[CERTIFICATE_EXPIRATION] > 240h"
];
}
{
name = "projet-audionumerique";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-audionumerique/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*Whisper</h1>*)"
];
}
{
name = "projet-systemes-algorithmes-repartis";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-systemes-algorithmes-repartis/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*The RAFT Consensus Algorithm*)"
];
}
{
name = "projet-intelligence-artificielle-multimedia";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-intelligence-artificielle-multimedia/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*Projet IAM*)"
];
}
{
name = "projet-probleme-inverse-3D";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-probleme-inverse-3D/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*slidevjs/slidev*)"
"[BODY] == pat(*/projet-probleme-inverse-3D/assets/index*)"
];
}
{
name = "projet-modelisation-geometrique";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-modelisation-geometrique/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*Projet de Modélisation Géométrique*)"
];
}
{
name = "projet-long";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-long/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*slidevjs/slidev*)"
"[BODY] == pat(*/projet-long/assets/index*)"
];
}
{
name = "projet-oral-japonais";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-oral-japonais/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(**)"
];
}
{
name = "projet-oral-anglais";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-oral-anglais/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*<title>CAPTCHA</title>*)"
];
}
{
name = "projet-fin-etude";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-fin-etude/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*slidevjs/slidev*)"
"[BODY] == pat(*/projet-fin-etude/assets/index*)"
];
}
{
name = "TP-calcul-parallele";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/TP-calcul-parallele/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*<title>Benchmarking Distributed GEMM Algorithms</title>*)"
];
}
{
name = "TP-reinforcement-learning";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/TP-reinforcement-learning/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*pluto_notebook*)"
];
}
{
name = "TP-traitement-audio-visuel";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/TP-traitement-audio-visuel/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*pluto_notebook*)"
];
}
];
};
};
services.nginx = {
virtualHosts = {
"status.fainsin.bzh" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:2020";
};
};
};
}

176
hosts/cesium/services/gatus/config.yml
View file

@ -1,176 +0,0 @@
web:
port: 2020
endpoints:
- name: fainsin.bzh
url: "https://fainsin.bzh"
interval: 6h
conditions:
- "[DOMAIN_EXPIRATION] > 720h"
- name: laurent.fainsin.bzh
group: web
url: "https://laurent.fainsin.bzh"
interval: 5m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*<title>Laurent Fainsin</title>*)"
- "[CERTIFICATE_EXPIRATION] > 240h"
- name: resume.laurent.fainsin.bzh
group: web
url: "https://resume.laurent.fainsin.bzh"
interval: 5m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[CERTIFICATE_EXPIRATION] > 240h"
- name: git.fainsin.bzh
group: services
url: "https://git.fainsin.bzh"
interval: 5m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[CERTIFICATE_EXPIRATION] > 240h"
- "[BODY] == pat(*<title>Explore - gitea: Gitea Service</title>*)"
- name: atuin.fainsin.bzh
group: services
url: "https://atuin.fainsin.bzh"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[CERTIFICATE_EXPIRATION] > 240h"
- "[BODY].homage == pat(*Sir Terry Pratchett*)"
- name: status.fainsin.bzh
group: services
url: "https://status.fainsin.bzh"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[CERTIFICATE_EXPIRATION] > 240h"
- "[BODY] == pat(*<title>Health Dashboard | Gatus</title>*)"
- name: n7.laurent.fainsin.bzh
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh"
interval: 15m
conditions:
- "[CERTIFICATE_EXPIRATION] > 240h"
- name: "projet-audionumerique"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-audionumerique/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*Whisper</h1>*)"
- name: "projet-systemes-algorithmes-repartis"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-systemes-algorithmes-repartis/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*The RAFT Consensus Algorithm*)"
- name: "projet-intelligence-artificielle-multimedia"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-intelligence-artificielle-multimedia/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*Projet IAM*)"
- name: "projet-probleme-inverse-3D"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-probleme-inverse-3D/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*slidevjs/slidev*)"
- "[BODY] == pat(*/projet-probleme-inverse-3D/assets/index*)"
- name: "projet-modelisation-geometrique"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-modelisation-geometrique/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*Projet de Modélisation Géométrique*)"
- name: "projet-long"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-long/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*slidevjs/slidev*)"
- "[BODY] == pat(*/projet-long/assets/index*)"
- name: "projet-oral-japonais"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-oral-japonais/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*わたしたちのまちは*)"
- name: "projet-oral-anglais"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-oral-anglais/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*<title>CAPTCHA</title>*)"
- name: "projet-fin-etude"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-fin-etude/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*slidevjs/slidev*)"
- "[BODY] == pat(*/projet-fin-etude/assets/index*)"
- name: "TP-calcul-parallele"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/TP-calcul-parallele/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*<title>Benchmarking Distributed GEMM Algorithms</title>*)"
- name: "TP-reinforcement-learning"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/TP-reinforcement-learning/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*pluto_notebook*)"
- name: "TP-traitement-audio-visuel"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/TP-traitement-audio-visuel/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*pluto_notebook*)"

16
hosts/cesium/services/gatus/default.nix
View file

@ -1,16 +0,0 @@
{...}: {
services.gatus = {
enable = true;
configPath = ./config.yml;
};
services.nginx = {
virtualHosts = {
"status.fainsin.bzh" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:2020";
};
};
};
}

0
hosts/cesium/services/gitea/default.nix → hosts/cesium/services/gitea.nix
View file

0
hosts/cesium/services/ssh/default.nix → hosts/cesium/services/ssh.nix
View file

2
hosts/cesium/system/age/default.nix → hosts/cesium/system/age.nix
View file

@ -1,6 +1,6 @@
{...}: {
age.secrets.gitea = {
file = ../../../../secrets/gitea.age;
file = ../../../secrets/gitea.age;
owner = "forgejo";
group = "forgejo";
};

0
hosts/cesium/system/boot/default.nix → hosts/cesium/system/boot.nix
View file

13
hosts/cesium/system/default.nix
View file

@ -13,11 +13,12 @@
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/qemu-guest.nix
(modulesPath + "/profiles/qemu-guest.nix")
./age
./boot
./disko
./networking
./packages
./users
./age.nix
./boot.nix
./disko.nix
./networking.nix
./nix.nix
./packages.nix
./users.nix
];
}

0
hosts/cesium/system/disko/default.nix → hosts/cesium/system/disko.nix
View file

8
hosts/cesium/system/networking/default.nix → hosts/cesium/system/networking.nix
View file

@ -10,7 +10,13 @@
nameservers = ["1.1.1.2" "1.0.0.2"];
# firewall
firewall.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
80 # http
443 # tls
];
};
# https://github.com/StevenBlack/hosts
stevenblack.enable = true;

2
hosts/cesium/system/nix/default.nix → hosts/cesium/system/nix.nix
View file

@ -8,7 +8,7 @@
nix.settings.auto-optimise-store = true;
nix.optimise = {
automatic = true;
dates = "daily";
dates = ["12:00"];
};
# garbage collection

0
hosts/cesium/system/packages/default.nix → hosts/cesium/system/packages.nix
View file

0
hosts/cesium/system/users/default.nix → hosts/cesium/system/users.nix
View file