diff --git a/hosts/cesium/services/acme/default.nix b/hosts/cesium/services/acme.nix
similarity index 100%
rename from hosts/cesium/services/acme/default.nix
rename to hosts/cesium/services/acme.nix
diff --git a/hosts/cesium/services/atuin/default.nix b/hosts/cesium/services/atuin.nix
similarity index 100%
rename from hosts/cesium/services/atuin/default.nix
rename to hosts/cesium/services/atuin.nix
diff --git a/hosts/cesium/services/default.nix b/hosts/cesium/services/default.nix
index 3580388..4b1852e 100644
--- a/hosts/cesium/services/default.nix
+++ b/hosts/cesium/services/default.nix
@@ -1,18 +1,11 @@
{...}: {
imports = [
- ./acme
- ./atuin
- # ./gatus
- ./gitea
./nginx
- ./ssh
+ ./acme.nix
+ ./atuin.nix
./fail2ban.nix
+ ./gatus.nix
+ ./gitea.nix
+ ./ssh.nix
];
-
- networking.firewall = {
- allowedTCPPorts = [
- 80 # http
- 443 # https / tls
- ];
- };
}
diff --git a/hosts/cesium/services/gatus.nix b/hosts/cesium/services/gatus.nix
new file mode 100644
index 0000000..8e0b01e
--- /dev/null
+++ b/hosts/cesium/services/gatus.nix
@@ -0,0 +1,233 @@
+{...}: {
+ services.gatus = {
+ enable = true;
+
+ settings = {
+ web.port = 2020;
+
+ endpoints = [
+ {
+ name = "fainsin.bzh";
+ url = "https://fainsin.bzh";
+ interval = "6h";
+ conditions = [
+ "[DOMAIN_EXPIRATION] > 720h"
+ ];
+ }
+ {
+ name = "laurent.fainsin.bzh";
+ group = "web";
+ url = "https://laurent.fainsin.bzh";
+ interval = "5m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*
Laurent Fainsin*)"
+ "[CERTIFICATE_EXPIRATION] > 240h"
+ ];
+ }
+ {
+ name = "resume.laurent.fainsin.bzh";
+ group = "web";
+ url = "https://resume.laurent.fainsin.bzh";
+ interval = "5m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[CERTIFICATE_EXPIRATION] > 240h"
+ ];
+ }
+ {
+ name = "git.fainsin.bzh";
+ group = "services";
+ url = "https://git.fainsin.bzh";
+ interval = "5m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[CERTIFICATE_EXPIRATION] > 240h"
+ "[BODY] == pat(*Explore - Forgejo: Beyond coding. We Forge.*)"
+ ];
+ }
+ {
+ name = "atuin.fainsin.bzh";
+ group = "services";
+ url = "https://atuin.fainsin.bzh";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[CERTIFICATE_EXPIRATION] > 240h"
+ "[BODY].homage == pat(*Sir Terry Pratchett*)"
+ ];
+ }
+ {
+ name = "status.fainsin.bzh";
+ group = "services";
+ url = "https://status.fainsin.bzh";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[CERTIFICATE_EXPIRATION] > 240h"
+ "[BODY] == pat(*Health Dashboard | Gatus*)"
+ ];
+ }
+ {
+ name = "n7.laurent.fainsin.bzh";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh";
+ interval = "15m";
+ conditions = [
+ "[CERTIFICATE_EXPIRATION] > 240h"
+ ];
+ }
+ {
+ name = "projet-audionumerique";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh/projet-audionumerique/";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*Whisper*)"
+ ];
+ }
+ {
+ name = "projet-systemes-algorithmes-repartis";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh/projet-systemes-algorithmes-repartis/";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*The RAFT Consensus Algorithm*)"
+ ];
+ }
+ {
+ name = "projet-intelligence-artificielle-multimedia";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh/projet-intelligence-artificielle-multimedia/";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*Projet IAM*)"
+ ];
+ }
+ {
+ name = "projet-probleme-inverse-3D";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh/projet-probleme-inverse-3D/";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*slidevjs/slidev*)"
+ "[BODY] == pat(*/projet-probleme-inverse-3D/assets/index*)"
+ ];
+ }
+ {
+ name = "projet-modelisation-geometrique";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh/projet-modelisation-geometrique/";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*Projet de Modélisation Géométrique*)"
+ ];
+ }
+ {
+ name = "projet-long";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh/projet-long/";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*slidevjs/slidev*)"
+ "[BODY] == pat(*/projet-long/assets/index*)"
+ ];
+ }
+ {
+ name = "projet-oral-japonais";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh/projet-oral-japonais/";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*わたしたちのまちは*)"
+ ];
+ }
+ {
+ name = "projet-oral-anglais";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh/projet-oral-anglais/";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*CAPTCHA*)"
+ ];
+ }
+ {
+ name = "projet-fin-etude";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh/projet-fin-etude/";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*slidevjs/slidev*)"
+ "[BODY] == pat(*/projet-fin-etude/assets/index*)"
+ ];
+ }
+ {
+ name = "TP-calcul-parallele";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh/TP-calcul-parallele/";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*Benchmarking Distributed GEMM Algorithms*)"
+ ];
+ }
+ {
+ name = "TP-reinforcement-learning";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh/TP-reinforcement-learning/";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*pluto_notebook*)"
+ ];
+ }
+ {
+ name = "TP-traitement-audio-visuel";
+ group = "n7.laurent.fainsin.bzh";
+ url = "https://n7.laurent.fainsin.bzh/TP-traitement-audio-visuel/";
+ interval = "15m";
+ conditions = [
+ "[STATUS] == 200"
+ "[RESPONSE_TIME] < 300"
+ "[BODY] == pat(*pluto_notebook*)"
+ ];
+ }
+ ];
+ };
+ };
+
+ services.nginx = {
+ virtualHosts = {
+ "status.fainsin.bzh" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://127.0.0.1:2020";
+ };
+ };
+ };
+}
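Review bot: `settings.web` in the new gatus.nix sets only `port = 2020`, so the listen address is left at the Gatus default, which as far as I know is `0.0.0.0`; the dashboard then listens on every interface and only the firewall keeps port 2020 private. Since nginx proxies to `http://127.0.0.1:2020`, I would add `web.address = "127.0.0.1";` next to `web.port` so the service stays loopback-only even if the firewall rules change later. Separately, the `[BODY] == pat(*` condition for laurent.fainsin.bzh appears split over two lines on this page; if the file really contains that line break, the pattern now expects a newline before "Laurent Fainsin" and should be checked against the live page.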
diff --git a/hosts/cesium/services/gatus/config.yml b/hosts/cesium/services/gatus/config.yml
deleted file mode 100644
index 8a15783..0000000
--- a/hosts/cesium/services/gatus/config.yml
+++ /dev/null
@@ -1,176 +0,0 @@
-web:
- port: 2020
-
-endpoints:
- - name: fainsin.bzh
- url: "https://fainsin.bzh"
- interval: 6h
- conditions:
- - "[DOMAIN_EXPIRATION] > 720h"
-
- - name: laurent.fainsin.bzh
- group: web
- url: "https://laurent.fainsin.bzh"
- interval: 5m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*Laurent Fainsin*)"
- - "[CERTIFICATE_EXPIRATION] > 240h"
-
- - name: resume.laurent.fainsin.bzh
- group: web
- url: "https://resume.laurent.fainsin.bzh"
- interval: 5m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[CERTIFICATE_EXPIRATION] > 240h"
-
- - name: git.fainsin.bzh
- group: services
- url: "https://git.fainsin.bzh"
- interval: 5m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[CERTIFICATE_EXPIRATION] > 240h"
- - "[BODY] == pat(*Explore - gitea: Gitea Service*)"
-
- - name: atuin.fainsin.bzh
- group: services
- url: "https://atuin.fainsin.bzh"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[CERTIFICATE_EXPIRATION] > 240h"
- - "[BODY].homage == pat(*Sir Terry Pratchett*)"
-
- - name: status.fainsin.bzh
- group: services
- url: "https://status.fainsin.bzh"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[CERTIFICATE_EXPIRATION] > 240h"
- - "[BODY] == pat(*Health Dashboard | Gatus*)"
-
- - name: n7.laurent.fainsin.bzh
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh"
- interval: 15m
- conditions:
- - "[CERTIFICATE_EXPIRATION] > 240h"
-
- - name: "projet-audionumerique"
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh/projet-audionumerique/"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*Whisper*)"
-
- - name: "projet-systemes-algorithmes-repartis"
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh/projet-systemes-algorithmes-repartis/"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*The RAFT Consensus Algorithm*)"
-
- - name: "projet-intelligence-artificielle-multimedia"
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh/projet-intelligence-artificielle-multimedia/"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*Projet IAM*)"
-
- - name: "projet-probleme-inverse-3D"
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh/projet-probleme-inverse-3D/"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*slidevjs/slidev*)"
- - "[BODY] == pat(*/projet-probleme-inverse-3D/assets/index*)"
-
- - name: "projet-modelisation-geometrique"
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh/projet-modelisation-geometrique/"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*Projet de Modélisation Géométrique*)"
-
- - name: "projet-long"
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh/projet-long/"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*slidevjs/slidev*)"
- - "[BODY] == pat(*/projet-long/assets/index*)"
-
- - name: "projet-oral-japonais"
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh/projet-oral-japonais/"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*わたしたちのまちは*)"
-
- - name: "projet-oral-anglais"
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh/projet-oral-anglais/"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*CAPTCHA*)"
-
- - name: "projet-fin-etude"
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh/projet-fin-etude/"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*slidevjs/slidev*)"
- - "[BODY] == pat(*/projet-fin-etude/assets/index*)"
-
- - name: "TP-calcul-parallele"
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh/TP-calcul-parallele/"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*Benchmarking Distributed GEMM Algorithms*)"
-
- - name: "TP-reinforcement-learning"
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh/TP-reinforcement-learning/"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*pluto_notebook*)"
-
- - name: "TP-traitement-audio-visuel"
- group: n7.laurent.fainsin.bzh
- url: "https://n7.laurent.fainsin.bzh/TP-traitement-audio-visuel/"
- interval: 15m
- conditions:
- - "[STATUS] == 200"
- - "[RESPONSE_TIME] < 300"
- - "[BODY] == pat(*pluto_notebook*)"
diff --git a/hosts/cesium/services/gatus/default.nix b/hosts/cesium/services/gatus/default.nix
deleted file mode 100644
index 501da56..0000000
--- a/hosts/cesium/services/gatus/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{...}: {
- services.gatus = {
- enable = true;
- configPath = ./config.yml;
- };
-
- services.nginx = {
- virtualHosts = {
- "status.fainsin.bzh" = {
- forceSSL = true;
- enableACME = true;
- locations."/".proxyPass = "http://127.0.0.1:2020";
- };
- };
- };
-}
diff --git a/hosts/cesium/services/gitea/default.nix b/hosts/cesium/services/gitea.nix
similarity index 100%
rename from hosts/cesium/services/gitea/default.nix
rename to hosts/cesium/services/gitea.nix
diff --git a/hosts/cesium/services/ssh/default.nix b/hosts/cesium/services/ssh.nix
similarity index 100%
rename from hosts/cesium/services/ssh/default.nix
rename to hosts/cesium/services/ssh.nix
diff --git a/hosts/cesium/system/age/default.nix b/hosts/cesium/system/age.nix
similarity index 67%
rename from hosts/cesium/system/age/default.nix
rename to hosts/cesium/system/age.nix
index 185a3e0..1402b13 100644
--- a/hosts/cesium/system/age/default.nix
+++ b/hosts/cesium/system/age.nix
@@ -1,6 +1,6 @@
{...}: {
age.secrets.gitea = {
- file = ../../../../secrets/gitea.age;
+ file = ../../../secrets/gitea.age;
owner = "forgejo";
group = "forgejo";
};
diff --git a/hosts/cesium/system/boot/default.nix b/hosts/cesium/system/boot.nix
similarity index 100%
rename from hosts/cesium/system/boot/default.nix
rename to hosts/cesium/system/boot.nix
diff --git a/hosts/cesium/system/default.nix b/hosts/cesium/system/default.nix
index 1decc50..d468d64 100644
--- a/hosts/cesium/system/default.nix
+++ b/hosts/cesium/system/default.nix
@@ -13,11 +13,12 @@
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/qemu-guest.nix
(modulesPath + "/profiles/qemu-guest.nix")
- ./age
- ./boot
- ./disko
- ./networking
- ./packages
- ./users
+ ./age.nix
+ ./boot.nix
+ ./disko.nix
+ ./networking.nix
+ ./nix.nix
+ ./packages.nix
+ ./users.nix
];
}
diff --git a/hosts/cesium/system/disko/default.nix b/hosts/cesium/system/disko.nix
similarity index 100%
rename from hosts/cesium/system/disko/default.nix
rename to hosts/cesium/system/disko.nix
diff --git a/hosts/cesium/system/networking/default.nix b/hosts/cesium/system/networking.nix
similarity index 74%
rename from hosts/cesium/system/networking/default.nix
rename to hosts/cesium/system/networking.nix
index 19bb319..81dcc9e 100644
--- a/hosts/cesium/system/networking/default.nix
+++ b/hosts/cesium/system/networking.nix
@@ -10,7 +10,13 @@
nameservers = ["1.1.1.2" "1.0.0.2"];
# firewall
- firewall.enable = true;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 80 # http
+ 443 # tls
+ ];
+ };
# https://github.com/StevenBlack/hosts
stevenblack.enable = true;
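Review bot: The `allowedTCPPorts` entries for 80 and 443 now sit in the host-wide networking module instead of next to the services that need them, so the ports stay open even if `./nginx` is later dropped from the services imports. Either keep the openings in the nginx module, or record the dependency here with a comment such as `# 80/443 are opened for nginx (hosts/cesium/services/nginx); close them if nginx is removed`. The enclosing `networking` attribute set starts and ends outside this hunk.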
diff --git a/hosts/cesium/system/nix/default.nix b/hosts/cesium/system/nix.nix
similarity index 96%
rename from hosts/cesium/system/nix/default.nix
rename to hosts/cesium/system/nix.nix
index c6756e5..cb8193c 100644
--- a/hosts/cesium/system/nix/default.nix
+++ b/hosts/cesium/system/nix.nix
@@ -8,7 +8,7 @@
nix.settings.auto-optimise-store = true;
nix.optimise = {
automatic = true;
- dates = "daily";
+ dates = ["12:00"];
};
# garbage collection
diff --git a/hosts/cesium/system/packages/default.nix b/hosts/cesium/system/packages.nix
similarity index 100%
rename from hosts/cesium/system/packages/default.nix
rename to hosts/cesium/system/packages.nix
diff --git a/hosts/cesium/system/users/default.nix b/hosts/cesium/system/users.nix
similarity index 100%
rename from hosts/cesium/system/users/default.nix
rename to hosts/cesium/system/users.nix