Laurent/infrastructure
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Compare commits

base: Laurent:c70e047c9f2eaf3507164889385a3a72935199fb
Branches Tags
Laurent:master
..
compare: Laurent:5b0a8cd4b73a0321ea06efe89263e4fffea7ce5e
Branches Tags
Laurent:master

No commits in common. "c70e047c9f2eaf3507164889385a3a72935199fb" and "5b0a8cd4b73a0321ea06efe89263e4fffea7ce5e" have entirely different histories.
c70e047c9f ... 5b0a8cd4b7

19 changed files with 233 additions and 268 deletions
Show stats Expand all files Collapse all files

1
home/desktop/hyprland.nix
View file

@ -21,6 +21,7 @@ in {
"${lib.getExe pkgs.mako}"
"${lib.getExe pkgs.thunderbird}"
"${pkgs.wl-clipboard}/bin/wl-paste --watch ${lib.getExe pkgs.cliphist} store"
"${pkgs.gnome-keyring}/bin/gnome-keyring-daemon --start --components=secrets"
"${pkgs.hyprland}/bin/hyprctl setcursor catppuccin-${cursor.flavor}-${cursor.accent}-cursors 24" # FIXME: shouldn't be necessary
];

25
hosts/aurum/system/security.nix
View file

@ -1,20 +1,23 @@
{...}: {
{pkgs, ...}: {
# enable polkit
security.polkit.enable = true;
# enable gpg agent
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-gnome3;
};
# secrets keyring
services.gnome.gnome-keyring.enable = true;
# seahorse secret manager
programs.seahorse.enable = true;
# RealtimeKit system
security.rtkit.enable = true;
# allow swaylock to use pam
security.pam.services.swaylock = {};
# enable ssh agent
programs.ssh = {
startAgent = true;
agentTimeout = "1h";
};
# # ssh-askpass replacement
# programs.ssh.enableAskPassword = true;
# programs.seahorse.enable = true;
}

0
hosts/cesium/services/acme.nix → hosts/cesium/services/acme/default.nix
View file

0
hosts/cesium/services/atuin.nix → hosts/cesium/services/atuin/default.nix
View file

17
hosts/cesium/services/default.nix
View file

@ -1,11 +1,18 @@
{...}: {
imports = [
./acme
./atuin
# ./gatus
./gitea
./nginx
./acme.nix
./atuin.nix
./ssh
./fail2ban.nix
./gatus.nix
./gitea.nix
./ssh.nix
];
networking.firewall = {
allowedTCPPorts = [
80 # http
443 # https / tls
];
};
}

233
hosts/cesium/services/gatus.nix
View file

@ -1,233 +0,0 @@
{...}: {
services.gatus = {
enable = true;
settings = {
web.port = 2020;
endpoints = [
{
name = "fainsin.bzh";
url = "https://fainsin.bzh";
interval = "6h";
conditions = [
"[DOMAIN_EXPIRATION] > 720h"
];
}
{
name = "laurent.fainsin.bzh";
group = "web";
url = "https://laurent.fainsin.bzh";
interval = "5m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*<title>Laurent Fainsin</title>*)"
"[CERTIFICATE_EXPIRATION] > 240h"
];
}
{
name = "resume.laurent.fainsin.bzh";
group = "web";
url = "https://resume.laurent.fainsin.bzh";
interval = "5m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[CERTIFICATE_EXPIRATION] > 240h"
];
}
{
name = "git.fainsin.bzh";
group = "services";
url = "https://git.fainsin.bzh";
interval = "5m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[CERTIFICATE_EXPIRATION] > 240h"
"[BODY] == pat(*<title>Explore - Forgejo: Beyond coding. We Forge.</title>*)"
];
}
{
name = "atuin.fainsin.bzh";
group = "services";
url = "https://atuin.fainsin.bzh";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[CERTIFICATE_EXPIRATION] > 240h"
"[BODY].homage == pat(*Sir Terry Pratchett*)"
];
}
{
name = "status.fainsin.bzh";
group = "services";
url = "https://status.fainsin.bzh";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[CERTIFICATE_EXPIRATION] > 240h"
"[BODY] == pat(*<title>Health Dashboard | Gatus</title>*)"
];
}
{
name = "n7.laurent.fainsin.bzh";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh";
interval = "15m";
conditions = [
"[CERTIFICATE_EXPIRATION] > 240h"
];
}
{
name = "projet-audionumerique";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-audionumerique/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*Whisper</h1>*)"
];
}
{
name = "projet-systemes-algorithmes-repartis";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-systemes-algorithmes-repartis/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*The RAFT Consensus Algorithm*)"
];
}
{
name = "projet-intelligence-artificielle-multimedia";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-intelligence-artificielle-multimedia/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*Projet IAM*)"
];
}
{
name = "projet-probleme-inverse-3D";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-probleme-inverse-3D/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*slidevjs/slidev*)"
"[BODY] == pat(*/projet-probleme-inverse-3D/assets/index*)"
];
}
{
name = "projet-modelisation-geometrique";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-modelisation-geometrique/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*Projet de Modélisation Géométrique*)"
];
}
{
name = "projet-long";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-long/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*slidevjs/slidev*)"
"[BODY] == pat(*/projet-long/assets/index*)"
];
}
{
name = "projet-oral-japonais";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-oral-japonais/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(**)"
];
}
{
name = "projet-oral-anglais";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-oral-anglais/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*<title>CAPTCHA</title>*)"
];
}
{
name = "projet-fin-etude";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/projet-fin-etude/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*slidevjs/slidev*)"
"[BODY] == pat(*/projet-fin-etude/assets/index*)"
];
}
{
name = "TP-calcul-parallele";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/TP-calcul-parallele/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*<title>Benchmarking Distributed GEMM Algorithms</title>*)"
];
}
{
name = "TP-reinforcement-learning";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/TP-reinforcement-learning/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*pluto_notebook*)"
];
}
{
name = "TP-traitement-audio-visuel";
group = "n7.laurent.fainsin.bzh";
url = "https://n7.laurent.fainsin.bzh/TP-traitement-audio-visuel/";
interval = "15m";
conditions = [
"[STATUS] == 200"
"[RESPONSE_TIME] < 300"
"[BODY] == pat(*pluto_notebook*)"
];
}
];
};
};
services.nginx = {
virtualHosts = {
"status.fainsin.bzh" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:2020";
};
};
};
}

176
hosts/cesium/services/gatus/config.yml Normal file
View file

@ -0,0 +1,176 @@
web:
port: 2020
endpoints:
- name: fainsin.bzh
url: "https://fainsin.bzh"
interval: 6h
conditions:
- "[DOMAIN_EXPIRATION] > 720h"
- name: laurent.fainsin.bzh
group: web
url: "https://laurent.fainsin.bzh"
interval: 5m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*<title>Laurent Fainsin</title>*)"
- "[CERTIFICATE_EXPIRATION] > 240h"
- name: resume.laurent.fainsin.bzh
group: web
url: "https://resume.laurent.fainsin.bzh"
interval: 5m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[CERTIFICATE_EXPIRATION] > 240h"
- name: git.fainsin.bzh
group: services
url: "https://git.fainsin.bzh"
interval: 5m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[CERTIFICATE_EXPIRATION] > 240h"
- "[BODY] == pat(*<title>Explore - gitea: Gitea Service</title>*)"
- name: atuin.fainsin.bzh
group: services
url: "https://atuin.fainsin.bzh"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[CERTIFICATE_EXPIRATION] > 240h"
- "[BODY].homage == pat(*Sir Terry Pratchett*)"
- name: status.fainsin.bzh
group: services
url: "https://status.fainsin.bzh"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[CERTIFICATE_EXPIRATION] > 240h"
- "[BODY] == pat(*<title>Health Dashboard | Gatus</title>*)"
- name: n7.laurent.fainsin.bzh
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh"
interval: 15m
conditions:
- "[CERTIFICATE_EXPIRATION] > 240h"
- name: "projet-audionumerique"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-audionumerique/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*Whisper</h1>*)"
- name: "projet-systemes-algorithmes-repartis"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-systemes-algorithmes-repartis/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*The RAFT Consensus Algorithm*)"
- name: "projet-intelligence-artificielle-multimedia"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-intelligence-artificielle-multimedia/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*Projet IAM*)"
- name: "projet-probleme-inverse-3D"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-probleme-inverse-3D/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*slidevjs/slidev*)"
- "[BODY] == pat(*/projet-probleme-inverse-3D/assets/index*)"
- name: "projet-modelisation-geometrique"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-modelisation-geometrique/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*Projet de Modélisation Géométrique*)"
- name: "projet-long"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-long/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*slidevjs/slidev*)"
- "[BODY] == pat(*/projet-long/assets/index*)"
- name: "projet-oral-japonais"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-oral-japonais/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*わたしたちのまちは*)"
- name: "projet-oral-anglais"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-oral-anglais/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*<title>CAPTCHA</title>*)"
- name: "projet-fin-etude"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/projet-fin-etude/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*slidevjs/slidev*)"
- "[BODY] == pat(*/projet-fin-etude/assets/index*)"
- name: "TP-calcul-parallele"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/TP-calcul-parallele/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*<title>Benchmarking Distributed GEMM Algorithms</title>*)"
- name: "TP-reinforcement-learning"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/TP-reinforcement-learning/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*pluto_notebook*)"
- name: "TP-traitement-audio-visuel"
group: n7.laurent.fainsin.bzh
url: "https://n7.laurent.fainsin.bzh/TP-traitement-audio-visuel/"
interval: 15m
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 300"
- "[BODY] == pat(*pluto_notebook*)"

16
hosts/cesium/services/gatus/default.nix Normal file
View file

@ -0,0 +1,16 @@
{...}: {
services.gatus = {
enable = true;
configPath = ./config.yml;
};
services.nginx = {
virtualHosts = {
"status.fainsin.bzh" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:2020";
};
};
};
}

0
hosts/cesium/services/gitea.nix → hosts/cesium/services/gitea/default.nix
View file

0
hosts/cesium/services/ssh.nix → hosts/cesium/services/ssh/default.nix
View file

2
hosts/cesium/system/age.nix → hosts/cesium/system/age/default.nix
View file

@ -1,6 +1,6 @@
{...}: {
age.secrets.gitea = {
file = ../../../secrets/gitea.age;
file = ../../../../secrets/gitea.age;
owner = "forgejo";
group = "forgejo";
};

0
hosts/cesium/system/boot.nix → hosts/cesium/system/boot/default.nix
View file

13
hosts/cesium/system/default.nix
View file

@ -13,12 +13,11 @@
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/qemu-guest.nix
(modulesPath + "/profiles/qemu-guest.nix")
./age.nix
./boot.nix
./disko.nix
./networking.nix
./nix.nix
./packages.nix
./users.nix
./age
./boot
./disko
./networking
./packages
./users
];
}

0
hosts/cesium/system/disko.nix → hosts/cesium/system/disko/default.nix
View file

8
hosts/cesium/system/networking.nix → hosts/cesium/system/networking/default.nix
View file

@ -10,13 +10,7 @@
nameservers = ["1.1.1.2" "1.0.0.2"];
# firewall
firewall = {
enable = true;
allowedTCPPorts = [
80 # http
443 # tls
];
};
firewall.enable = true;
# https://github.com/StevenBlack/hosts
stevenblack.enable = true;

2
hosts/cesium/system/nix.nix → hosts/cesium/system/nix/default.nix
View file

@ -8,7 +8,7 @@
nix.settings.auto-optimise-store = true;
nix.optimise = {
automatic = true;
dates = ["12:00"];
dates = "daily";
};
# garbage collection

0
hosts/cesium/system/packages.nix → hosts/cesium/system/packages/default.nix
View file

0
hosts/cesium/system/users.nix → hosts/cesium/system/users/default.nix
View file

8
hosts/default.nix
View file

@ -23,11 +23,11 @@ in {
modules = [
./aurum
inputs.catppuccin.nixosModules.catppuccin
inputs.nixos-hardware.nixosModules.dell-xps-13-9315
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.default
inputs.impermanence.nixosModules.impermanence
inputs.nixos-hardware.nixosModules.dell-xps-13-9315
inputs.lanzaboote.nixosModules.lanzaboote
{inherit home-manager;}
];
};
@ -41,8 +41,10 @@ in {
};
modules = [
./cesium
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.default
inputs.agenix.nixosModules.default
inputs.lanzaboote.nixosModules.lanzaboote
];
};
}