3 commits

Author SHA1 Message Date
Laureηt c70e047c9f
🚚 (cesium) rename <thing>/default.nix to thing.nix
 (cesium) add back gatus service
2024-10-06 16:24:21 +02:00
Laureηt 760a8c9ae5
🎨 (hosts) slightly rework main host file 2024-10-06 15:54:44 +02:00
Laureηt 79b1357774
🔥 remove gnome-keyring, simple ssh-agent 2024-10-06 15:33:12 +02:00
19 changed files with 268 additions and 233 deletions


@ -21,7 +21,6 @@ in {
"${lib.getExe pkgs.mako}" "${lib.getExe pkgs.mako}"
"${lib.getExe pkgs.thunderbird}" "${lib.getExe pkgs.thunderbird}"
"${pkgs.wl-clipboard}/bin/wl-paste --watch ${lib.getExe pkgs.cliphist} store" "${pkgs.wl-clipboard}/bin/wl-paste --watch ${lib.getExe pkgs.cliphist} store"
"${pkgs.gnome-keyring}/bin/gnome-keyring-daemon --start --components=secrets"
"${pkgs.hyprland}/bin/hyprctl setcursor catppuccin-${cursor.flavor}-${cursor.accent}-cursors 24" # FIXME: shouldn't be necessary "${pkgs.hyprland}/bin/hyprctl setcursor catppuccin-${cursor.flavor}-${cursor.accent}-cursors 24" # FIXME: shouldn't be necessary
]; ];


@ -1,23 +1,20 @@
{pkgs, ...}: { {...}: {
# enable polkit # enable polkit
security.polkit.enable = true; security.polkit.enable = true;
# enable gpg agent
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-gnome3;
};
# secrets keyring
services.gnome.gnome-keyring.enable = true;
# seahorse secret manager
programs.seahorse.enable = true;
# RealtimeKit system # RealtimeKit system
security.rtkit.enable = true; security.rtkit.enable = true;
# allow swaylock to use pam # allow swaylock to use pam
security.pam.services.swaylock = {}; security.pam.services.swaylock = {};
# enable ssh agent
programs.ssh = {
startAgent = true;
agentTimeout = "1h";
};
# # ssh-askpass replacement
# programs.ssh.enableAskPassword = true;
# programs.seahorse.enable = true;
} }
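Review bot: Dropping `services.gnome.gnome-keyring.enable` removes the only Secret Service provider this file configured, and nothing on the new side replaces it. Any application on the host that stored credentials through libsecret will presumably either fail or fall back to its own on-disk storage, so it is worth confirming none does. In the new `programs.ssh` block, `agentTimeout = "1h"` bounds how long a decrypted key stays loaded in the agent; a comment such as `# keys are dropped from the agent after one hour` would record that intent so the value is not loosened later. The commented-out `enableAskPassword` and `seahorse` lines at the end should either be removed or carry a TODO saying when they are expected to return.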


@ -1,18 +1,11 @@
{...}: { {...}: {
imports = [ imports = [
./acme
./atuin
# ./gatus
./gitea
./nginx ./nginx
./ssh ./acme.nix
./atuin.nix
./fail2ban.nix ./fail2ban.nix
./gatus.nix
./gitea.nix
./ssh.nix
]; ];
networking.firewall = {
allowedTCPPorts = [
80 # http
443 # https / tls
];
};
} }


@ -0,0 +1,233 @@
{...}: {
services.gatus = {
enable = true;
settings = {
web.port = 2020;
endpoints = [
{
name = "fainsin.bzh";
url = "https://fainsin.bzh";
interval = "6h";
conditions = [
"[DOMAIN_EXPIRATION] > 720h"
];
}
{
name = "laurent.fainsin.bzh";
group = "web";
url = "https://laurent.fainsin.bzh";
interval = "5m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*<title>Laurent Fainsin</title>*)"
"[CERTIFICATE_EXPIRATION] > 240h"
];
}
{
name = "resume.laurent.fainsin.bzh";
group = "web";
url = "https://resume.laurent.fainsin.bzh";
interval = "5m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[CERTIFICATE_EXPIRATION] > 240h"
];
}
{
name = "git.fainsin.bzh";
group = "services";
url = "https://git.fainsin.bzh";
interval = "5m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[CERTIFICATE_EXPIRATION] > 240h"
"[BODY] == pat(*<title>Explore - Forgejo: Beyond coding. We Forge.</title>*)"
];
}
{
name = "atuin.fainsin.bzh";
group = "services";
url = "https://atuin.fainsin.bzh";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[CERTIFICATE_EXPIRATION] > 240h"
"[BODY].homage == pat(*Sir Terry Pratchett*)"
];
}
{
name = "status.fainsin.bzh";
group = "services";
url = "https://status.fainsin.bzh";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[CERTIFICATE_EXPIRATION] > 240h"
"[BODY] == pat(*<title>Health Dashboard | Gatus</title>*)"
];
}
{
name = "n7.laurent.fainsin.bzh";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh";
interval = "15m";
conditions = [
"[CERTIFICATE_EXPIRATION] > 240h"
];
}
{
name = "projet-audionumerique";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-audionumerique/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*Whisper</h1>*)"
];
}
{
name = "projet-systemes-algorithmes-repartis";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-systemes-algorithmes-repartis/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*The RAFT Consensus Algorithm*)"
];
}
{
name = "projet-intelligence-artificielle-multimedia";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-intelligence-artificielle-multimedia/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*Projet IAM*)"
];
}
{
name = "projet-probleme-inverse-3D";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-probleme-inverse-3D/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*slidevjs/slidev*)"
"[BODY] == pat(*/projet-probleme-inverse-3D/assets/index*)"
];
}
{
name = "projet-modelisation-geometrique";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-modelisation-geometrique/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*Projet de Modélisation Géométrique*)"
];
}
{
name = "projet-long";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-long/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*slidevjs/slidev*)"
"[BODY] == pat(*/projet-long/assets/index*)"
];
}
{
name = "projet-oral-japonais";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-oral-japonais/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(**)"
];
}
{
name = "projet-oral-anglais";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-oral-anglais/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*<title>CAPTCHA</title>*)"
];
}
{
name = "projet-fin-etude";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-fin-etude/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*slidevjs/slidev*)"
"[BODY] == pat(*/projet-fin-etude/assets/index*)"
];
}
{
name = "TP-calcul-parallele";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/TP-calcul-parallele/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*<title>Benchmarking Distributed GEMM Algorithms</title>*)"
];
}
{
name = "TP-reinforcement-learning";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/TP-reinforcement-learning/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*pluto_notebook*)"
];
}
{
name = "TP-traitement-audio-visuel";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/TP-traitement-audio-visuel/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*pluto_notebook*)"
];
}
];
};
};
services.nginx = {
virtualHosts = {
"status.fainsin.bzh" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:2020";
};
};
};
}
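Review bot: The `projet-oral-japonais` endpoint's body condition is now `"[BODY] == pat(**)"`, which matches any response body, so that check can no longer notice a wrong or replaced page. The YAML file this module replaces had `pat(*わたしたちのまちは*)`, so the Japanese text looks to have been lost in the conversion; restoring it keeps the check meaningful. Separately, only `web.port = 2020` is set while nginx proxies to `127.0.0.1:2020`. If Gatus binds all interfaces by default, adding `web.address = "127.0.0.1";` would keep the dashboard reachable only through the TLS vhost instead of relying on the firewall alone.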


@ -1,176 +0,0 @@
web:
port: 2020
endpoints:
- name: fainsin.bzh
url: "https://fainsin.bzh"
interval: 6h
conditions:
- "[DOMAIN_EXPIRATION] > 720h"
- name: laurent.fainsin.bzh
group: web
url: "https://laurent.fainsin.bzh"
interval: 5m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*<title>Laurent Fainsin</title>*)"
- "[CERTIFICATE_EXPIRATION] > 240h"
- name: resume.laurent.fainsin.bzh
group: web
url: "https://resume.laurent.fainsin.bzh"
interval: 5m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[CERTIFICATE_EXPIRATION] > 240h"
- name: git.fainsin.bzh
group: services
url: "https://git.fainsin.bzh"
interval: 5m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[CERTIFICATE_EXPIRATION] > 240h"
- "[BODY] == pat(*<title>Explore - gitea: Gitea Service</title>*)"
- name: atuin.fainsin.bzh
group: services
url: "https://atuin.fainsin.bzh"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[CERTIFICATE_EXPIRATION] > 240h"
- "[BODY].homage == pat(*Sir Terry Pratchett*)"
- name: status.fainsin.bzh
group: services
url: "https://status.fainsin.bzh"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[CERTIFICATE_EXPIRATION] > 240h"
- "[BODY] == pat(*<title>Health Dashboard | Gatus</title>*)"
- name: n7.laurent.fainsin.bzh
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh"
interval: 15m
conditions:
- "[CERTIFICATE_EXPIRATION] > 240h"
- name: "projet-audionumerique"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-audionumerique/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*Whisper</h1>*)"
- name: "projet-systemes-algorithmes-repartis"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-systemes-algorithmes-repartis/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*The RAFT Consensus Algorithm*)"
- name: "projet-intelligence-artificielle-multimedia"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-intelligence-artificielle-multimedia/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*Projet IAM*)"
- name: "projet-probleme-inverse-3D"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-probleme-inverse-3D/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*slidevjs/slidev*)"
- "[BODY] == pat(*/projet-probleme-inverse-3D/assets/index*)"
- name: "projet-modelisation-geometrique"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-modelisation-geometrique/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*Projet de Modélisation Géométrique*)"
- name: "projet-long"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-long/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*slidevjs/slidev*)"
- "[BODY] == pat(*/projet-long/assets/index*)"
- name: "projet-oral-japonais"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-oral-japonais/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*わたしたちのまちは*)"
- name: "projet-oral-anglais"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-oral-anglais/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*<title>CAPTCHA</title>*)"
- name: "projet-fin-etude"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-fin-etude/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*slidevjs/slidev*)"
- "[BODY] == pat(*/projet-fin-etude/assets/index*)"
- name: "TP-calcul-parallele"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/TP-calcul-parallele/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*<title>Benchmarking Distributed GEMM Algorithms</title>*)"
- name: "TP-reinforcement-learning"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/TP-reinforcement-learning/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*pluto_notebook*)"
- name: "TP-traitement-audio-visuel"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/TP-traitement-audio-visuel/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*pluto_notebook*)"


@ -1,16 +0,0 @@
{...}: {
services.gatus = {
enable = true;
configPath = ./config.yml;
};
services.nginx = {
virtualHosts = {
"status.fainsin.bzh" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:2020";
};
};
};
}


@ -1,6 +1,6 @@
{...}: { {...}: {
age.secrets.gitea = { age.secrets.gitea = {
file = ../../../../secrets/gitea.age; file = ../../../secrets/gitea.age;
owner = "forgejo"; owner = "forgejo";
group = "forgejo"; group = "forgejo";
}; };

View file

@ -13,11 +13,12 @@
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/qemu-guest.nix # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/qemu-guest.nix
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
./age ./age.nix
./boot ./boot.nix
./disko ./disko.nix
./networking ./networking.nix
./packages ./nix.nix
./users ./packages.nix
./users.nix
]; ];
} }

View file

@ -10,7 +10,13 @@
nameservers = ["1.1.1.2" "1.0.0.2"]; nameservers = ["1.1.1.2" "1.0.0.2"];
# firewall # firewall
firewall.enable = true; firewall = {
enable = true;
allowedTCPPorts = [
80 # http
443 # tls
];
};
# https://github.com/StevenBlack/hosts # https://github.com/StevenBlack/hosts
stevenblack.enable = true; stevenblack.enable = true;
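Review bot: The `allowedTCPPorts` entry for 80 and 443 now sits in the host's networking block rather than beside the nginx virtual hosts that need it, so the ports stay open even if the web services are later dropped from this host's imports. Keeping the rule in the module that enables nginx, or adding a comment such as `# opened for the nginx vhosts; remove together with them`, ties the exposure to what justifies it. The enclosing networking attribute set starts above this hunk, so the rest of the firewall configuration is not visible here.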


@ -8,7 +8,7 @@
nix.settings.auto-optimise-store = true; nix.settings.auto-optimise-store = true;
nix.optimise = { nix.optimise = {
automatic = true; automatic = true;
dates = "daily"; dates = ["12:00"];
}; };
# garbage collection # garbage collection


@ -23,11 +23,11 @@ in {
modules = [ modules = [
./aurum ./aurum
inputs.catppuccin.nixosModules.catppuccin inputs.catppuccin.nixosModules.catppuccin
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.default
inputs.impermanence.nixosModules.impermanence
inputs.nixos-hardware.nixosModules.dell-xps-13-9315 inputs.nixos-hardware.nixosModules.dell-xps-13-9315
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.default
{inherit home-manager;} {inherit home-manager;}
]; ];
}; };
@ -41,10 +41,8 @@ in {
}; };
modules = [ modules = [
./cesium ./cesium
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.default inputs.disko.nixosModules.default
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
inputs.lanzaboote.nixosModules.lanzaboote
]; ];
}; };
} }