From c70e047c9f2eaf3507164889385a3a72935199fb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Laure=CE=B7t?= Date: Sun, 6 Oct 2024 16:24:21 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=9A=20(cesium)=20rename=20/defa?= =?UTF-8?q?ult.nix=20to=20thing.nix=20=E2=9C=A8=20(cesium)=20add=20back=20?= =?UTF-8?q?gatus=20service?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../services/{acme/default.nix => acme.nix} | 0 .../services/{atuin/default.nix => atuin.nix} | 0 hosts/cesium/services/default.nix | 17 +- hosts/cesium/services/gatus.nix | 233 ++++++++++++++++++ hosts/cesium/services/gatus/config.yml | 176 ------------- hosts/cesium/services/gatus/default.nix | 16 -- .../services/{gitea/default.nix => gitea.nix} | 0 .../services/{ssh/default.nix => ssh.nix} | 0 .../system/{age/default.nix => age.nix} | 2 +- .../system/{boot/default.nix => boot.nix} | 0 hosts/cesium/system/default.nix | 13 +- .../system/{disko/default.nix => disko.nix} | 0 .../default.nix => networking.nix} | 8 +- .../system/{nix/default.nix => nix.nix} | 2 +- .../{packages/default.nix => packages.nix} | 0 .../system/{users/default.nix => users.nix} | 0 16 files changed, 254 insertions(+), 213 deletions(-) rename hosts/cesium/services/{acme/default.nix => acme.nix} (100%) rename hosts/cesium/services/{atuin/default.nix => atuin.nix} (100%) create mode 100644 hosts/cesium/services/gatus.nix delete mode 100644 hosts/cesium/services/gatus/config.yml delete mode 100644 hosts/cesium/services/gatus/default.nix rename hosts/cesium/services/{gitea/default.nix => gitea.nix} (100%) rename hosts/cesium/services/{ssh/default.nix => ssh.nix} (100%) rename hosts/cesium/system/{age/default.nix => age.nix} (67%) rename hosts/cesium/system/{boot/default.nix => boot.nix} (100%) rename hosts/cesium/system/{disko/default.nix => disko.nix} (100%) rename hosts/cesium/system/{networking/default.nix => networking.nix} (74%) rename hosts/cesium/system/{nix/default.nix => nix.nix} (96%) rename hosts/cesium/system/{packages/default.nix => packages.nix} (100%) 
rename hosts/cesium/system/{users/default.nix => users.nix} (100%) diff --git a/hosts/cesium/services/acme/default.nix b/hosts/cesium/services/acme.nix similarity index 100% rename from hosts/cesium/services/acme/default.nix rename to hosts/cesium/services/acme.nix diff --git a/hosts/cesium/services/atuin/default.nix b/hosts/cesium/services/atuin.nix similarity index 100% rename from hosts/cesium/services/atuin/default.nix rename to hosts/cesium/services/atuin.nix diff --git a/hosts/cesium/services/default.nix b/hosts/cesium/services/default.nix index 3580388..4b1852e 100644 --- a/hosts/cesium/services/default.nix +++ b/hosts/cesium/services/default.nix @@ -1,18 +1,11 @@ {...}: { imports = [ - ./acme - ./atuin - # ./gatus - ./gitea ./nginx - ./ssh + ./acme.nix + ./atuin.nix ./fail2ban.nix + ./gatus.nix + ./gitea.nix + ./ssh.nix ]; - - networking.firewall = { - allowedTCPPorts = [ - 80 # http - 443 # https / tls - ]; - }; } diff --git a/hosts/cesium/services/gatus.nix b/hosts/cesium/services/gatus.nix new file mode 100644 index 0000000..8e0b01e --- /dev/null +++ b/hosts/cesium/services/gatus.nix 
@@ -0,0 +1,233 @@ +{...}: { + services.gatus = { + enable = true; + + settings = { + web.port = 2020; + + endpoints = [ + { + name = "fainsin.bzh"; + url = "https://fainsin.bzh"; + interval = "6h"; + conditions = [ + "[DOMAIN_EXPIRATION] > 720h" + ]; + } + { + name = "laurent.fainsin.bzh"; + group = "web"; + url = "https://laurent.fainsin.bzh"; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*Laurent Fainsin*)" + "[CERTIFICATE_EXPIRATION] > 240h" + ]; + } + { + name = "resume.laurent.fainsin.bzh"; + group = "web"; + url = "https://resume.laurent.fainsin.bzh"; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[CERTIFICATE_EXPIRATION] > 240h" + ]; + } + { + name = "git.fainsin.bzh"; + group = "services"; + url = "https://git.fainsin.bzh"; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[CERTIFICATE_EXPIRATION] > 240h" + "[BODY] == pat(*Explore - Forgejo: Beyond coding. 
We Forge.*)" + ]; + } + { + name = "atuin.fainsin.bzh"; + group = "services"; + url = "https://atuin.fainsin.bzh"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[CERTIFICATE_EXPIRATION] > 240h" + "[BODY].homage == pat(*Sir Terry Pratchett*)" + ]; + } + { + name = "status.fainsin.bzh"; + group = "services"; + url = "https://status.fainsin.bzh"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[CERTIFICATE_EXPIRATION] > 240h" + "[BODY] == pat(*Health Dashboard | Gatus*)" + ]; + } + { + name = "n7.laurent.fainsin.bzh"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh"; + interval = "15m"; + conditions = [ + "[CERTIFICATE_EXPIRATION] > 240h" + ]; + } + { + name = "projet-audionumerique"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh/projet-audionumerique/"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*Whisper*)" + ]; + } + { + name = "projet-systemes-algorithmes-repartis"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh/projet-systemes-algorithmes-repartis/"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*The RAFT Consensus Algorithm*)" + ]; + } + { + name = "projet-intelligence-artificielle-multimedia"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh/projet-intelligence-artificielle-multimedia/"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*Projet IAM*)" + ]; + } + { + name = "projet-probleme-inverse-3D"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh/projet-probleme-inverse-3D/"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*slidevjs/slidev*)" + "[BODY] == pat(*/projet-probleme-inverse-3D/assets/index*)" + ]; + } + { + name = 
"projet-modelisation-geometrique"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh/projet-modelisation-geometrique/"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*Projet de Modélisation Géométrique*)" + ]; + } + { + name = "projet-long"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh/projet-long/"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*slidevjs/slidev*)" + "[BODY] == pat(*/projet-long/assets/index*)" + ]; + } + { + name = "projet-oral-japonais"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh/projet-oral-japonais/"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*わたしたちのまちは*)" + ]; + } + { + name = "projet-oral-anglais"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh/projet-oral-anglais/"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*CAPTCHA*)" + ]; + } + { + name = "projet-fin-etude"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh/projet-fin-etude/"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*slidevjs/slidev*)" + "[BODY] == pat(*/projet-fin-etude/assets/index*)" + ]; + } + { + name = "TP-calcul-parallele"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh/TP-calcul-parallele/"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*Benchmarking Distributed GEMM Algorithms*)" + ]; + } + { + name = "TP-reinforcement-learning"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh/TP-reinforcement-learning/"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*pluto_notebook*)" + ]; + } + { + name = 
"TP-traitement-audio-visuel"; + group = "n7.laurent.fainsin.bzh"; + url = "https://n7.laurent.fainsin.bzh/TP-traitement-audio-visuel/"; + interval = "15m"; + conditions = [ + "[STATUS] == 200" + "[RESPONSE_TIME] < 300" + "[BODY] == pat(*pluto_notebook*)" + ]; + } + ]; + }; + }; + + services.nginx = { + virtualHosts = { + "status.fainsin.bzh" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://127.0.0.1:2020"; + }; + }; + }; +} diff --git a/hosts/cesium/services/gatus/config.yml b/hosts/cesium/services/gatus/config.yml deleted file mode 100644 index 8a15783..0000000 --- a/hosts/cesium/services/gatus/config.yml +++ /dev/null 
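Review bot: `settings.web` sets only `port = 2020`, so Gatus keeps its default listen address, which upstream is all interfaces as far as I know, even though nginx is the only intended client and reaches it on loopback. Adding `web.address = "127.0.0.1";` next to `web.port` would stop the dashboard port from relying on the firewall alone to stay private to the proxy. The port number is also written twice, once in `web.port` and once in the `proxyPass` string at the end of the file. Building that URL from `config.services.gatus.settings.web.port` (with `config` added to the module arguments) would keep the two from drifting apart.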
@@ -1,176 +0,0 @@ -web: - port: 2020 - -endpoints: - - name: fainsin.bzh - url: "https://fainsin.bzh" - interval: 6h - conditions: - - "[DOMAIN_EXPIRATION] > 720h" - - - name: laurent.fainsin.bzh - group: web - url: "https://laurent.fainsin.bzh" - interval: 5m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*Laurent Fainsin*)" - - "[CERTIFICATE_EXPIRATION] > 240h" - - - name: resume.laurent.fainsin.bzh - group: web - url: "https://resume.laurent.fainsin.bzh" - interval: 5m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[CERTIFICATE_EXPIRATION] > 240h" - - - name: git.fainsin.bzh - group: services - url: "https://git.fainsin.bzh" - interval: 5m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[CERTIFICATE_EXPIRATION] > 240h" - - "[BODY] == pat(*Explore - gitea: Gitea Service*)" - - - name: atuin.fainsin.bzh - group: services - url: "https://atuin.fainsin.bzh" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[CERTIFICATE_EXPIRATION] > 240h" - - "[BODY].homage == pat(*Sir Terry Pratchett*)" - - - name: status.fainsin.bzh - group: services - url: "https://status.fainsin.bzh" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[CERTIFICATE_EXPIRATION] > 240h" - - "[BODY] == pat(*Health Dashboard | Gatus*)" - - - name: n7.laurent.fainsin.bzh - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh" - interval: 15m - conditions: - - "[CERTIFICATE_EXPIRATION] > 240h" - - - name: "projet-audionumerique" - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh/projet-audionumerique/" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*Whisper*)" - - - name: "projet-systemes-algorithmes-repartis" - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh/projet-systemes-algorithmes-repartis/" - interval: 15m - conditions: - - "[STATUS] == 200" - 
- "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*The RAFT Consensus Algorithm*)" - - - name: "projet-intelligence-artificielle-multimedia" - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh/projet-intelligence-artificielle-multimedia/" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*Projet IAM*)" - - - name: "projet-probleme-inverse-3D" - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh/projet-probleme-inverse-3D/" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*slidevjs/slidev*)" - - "[BODY] == pat(*/projet-probleme-inverse-3D/assets/index*)" - - - name: "projet-modelisation-geometrique" - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh/projet-modelisation-geometrique/" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*Projet de Modélisation Géométrique*)" - - - name: "projet-long" - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh/projet-long/" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*slidevjs/slidev*)" - - "[BODY] == pat(*/projet-long/assets/index*)" - - - name: "projet-oral-japonais" - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh/projet-oral-japonais/" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*わたしたちのまちは*)" - - - name: "projet-oral-anglais" - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh/projet-oral-anglais/" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*CAPTCHA*)" - - - name: "projet-fin-etude" - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh/projet-fin-etude/" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*slidevjs/slidev*)" - - "[BODY] == 
pat(*/projet-fin-etude/assets/index*)" - - - name: "TP-calcul-parallele" - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh/TP-calcul-parallele/" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*Benchmarking Distributed GEMM Algorithms*)" - - - name: "TP-reinforcement-learning" - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh/TP-reinforcement-learning/" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*pluto_notebook*)" - - - name: "TP-traitement-audio-visuel" - group: n7.laurent.fainsin.bzh - url: "https://n7.laurent.fainsin.bzh/TP-traitement-audio-visuel/" - interval: 15m - conditions: - - "[STATUS] == 200" - - "[RESPONSE_TIME] < 300" - - "[BODY] == pat(*pluto_notebook*)" diff --git a/hosts/cesium/services/gatus/default.nix b/hosts/cesium/services/gatus/default.nix deleted file mode 100644 index 501da56..0000000 --- a/hosts/cesium/services/gatus/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{...}: { - services.gatus = { - enable = true; - configPath = ./config.yml; - }; - - services.nginx = { - virtualHosts = { - "status.fainsin.bzh" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://127.0.0.1:2020"; - }; - }; - }; -} diff --git a/hosts/cesium/services/gitea/default.nix b/hosts/cesium/services/gitea.nix similarity index 100% rename from hosts/cesium/services/gitea/default.nix rename to hosts/cesium/services/gitea.nix diff --git a/hosts/cesium/services/ssh/default.nix b/hosts/cesium/services/ssh.nix similarity index 100% rename from hosts/cesium/services/ssh/default.nix rename to hosts/cesium/services/ssh.nix diff --git a/hosts/cesium/system/age/default.nix b/hosts/cesium/system/age.nix similarity index 67% rename from hosts/cesium/system/age/default.nix rename to hosts/cesium/system/age.nix index 185a3e0..1402b13 100644 --- a/hosts/cesium/system/age/default.nix +++ b/hosts/cesium/system/age.nix 
@@ -1,6 +1,6 @@ {...}: { age.secrets.gitea = { - file = ../../../../secrets/gitea.age; + file = ../../../secrets/gitea.age; owner = "forgejo"; group = "forgejo"; }; diff --git a/hosts/cesium/system/boot/default.nix b/hosts/cesium/system/boot.nix similarity index 100% rename from hosts/cesium/system/boot/default.nix rename to hosts/cesium/system/boot.nix diff --git a/hosts/cesium/system/default.nix b/hosts/cesium/system/default.nix index 1decc50..d468d64 100644 --- a/hosts/cesium/system/default.nix +++ b/hosts/cesium/system/default.nix @@ -13,11 +13,12 @@ # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/qemu-guest.nix (modulesPath + "/profiles/qemu-guest.nix") - ./age - ./boot - ./disko - ./networking - ./packages - ./users + ./age.nix + ./boot.nix + ./disko.nix + ./networking.nix + ./nix.nix + ./packages.nix + ./users.nix ]; } diff --git a/hosts/cesium/system/disko/default.nix b/hosts/cesium/system/disko.nix similarity index 100% rename from hosts/cesium/system/disko/default.nix rename to hosts/cesium/system/disko.nix diff --git a/hosts/cesium/system/networking/default.nix b/hosts/cesium/system/networking.nix similarity index 74% rename from hosts/cesium/system/networking/default.nix rename to hosts/cesium/system/networking.nix index 19bb319..81dcc9e 100644 --- a/hosts/cesium/system/networking/default.nix +++ b/hosts/cesium/system/networking.nix @@ -10,7 +10,13 @@ nameservers = ["1.1.1.2" "1.0.0.2"]; # firewall - firewall.enable = true; + firewall = { + enable = true; + allowedTCPPorts = [ + 80 # http + 443 # tls + ]; + }; # https://github.com/StevenBlack/hosts stevenblack.enable = true; diff --git a/hosts/cesium/system/nix/default.nix b/hosts/cesium/system/nix.nix similarity index 96% rename from hosts/cesium/system/nix/default.nix rename to hosts/cesium/system/nix.nix index c6756e5..cb8193c 100644 --- a/hosts/cesium/system/nix/default.nix +++ b/hosts/cesium/system/nix.nix 
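Review bot: In the `networking.nix` hunk, the `allowedTCPPorts` entries for 80 and 443 now live in the host-wide networking module, so both ports stay open even if `./nginx` is later dropped from the services imports. Declaring them in the nginx module instead, e.g. `networking.firewall.allowedTCPPorts = [80 443];` beside the virtual hosts, keeps each opened port next to the listener that needs it. The attribute set this hunk edits begins above the visible context, so any other firewall options set there are not visible in this hunk.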
@@ -8,7 +8,7 @@ nix.settings.auto-optimise-store = true; nix.optimise = { automatic = true; - dates = "daily"; + dates = ["12:00"]; }; # garbage collection diff --git a/hosts/cesium/system/packages/default.nix b/hosts/cesium/system/packages.nix similarity index 100% rename from hosts/cesium/system/packages/default.nix rename to hosts/cesium/system/packages.nix diff --git a/hosts/cesium/system/users/default.nix b/hosts/cesium/system/users.nix similarity index 100% rename from hosts/cesium/system/users/default.nix rename to hosts/cesium/system/users.nix