From 20d3354a4de888c1c979833a18b908f45d90ea28 Mon Sep 17 00:00:00 2001
From: sinavir
Date: Sat, 20 Apr 2024 14:37:31 +0200
Subject: [PATCH] feat: declarative probes for uptime-kuma
---
 machines/rescue01/secrets/secrets.nix | 2 +-
 .../secrets/stateless-uptime-kuma-password | 28 ++++
 machines/rescue01/uptime-kuma.nix | 125 ++++++++++++++++++
 machines/web01/redirections.nix | 101 ++++++++------
 npins/sources.json | 11 ++
 5 files changed, 225 insertions(+), 42 deletions(-)
 create mode 100644 machines/rescue01/secrets/stateless-uptime-kuma-password
diff --git a/machines/rescue01/secrets/secrets.nix b/machines/rescue01/secrets/secrets.nix
index 47020b5..8da8fb3 100644
--- a/machines/rescue01/secrets/secrets.nix
+++ b/machines/rescue01/secrets/secrets.nix
@@ -2,4 +2,4 @@ let
 lib = import ../../../lib { };
 publicKeys = lib.getNodeKeys "rescue01";
 in
-lib.setDefault { inherit publicKeys; } [ ]
+lib.setDefault { inherit publicKeys; } [ "stateless-uptime-kuma-password" ]
diff --git a/machines/rescue01/secrets/stateless-uptime-kuma-password b/machines/rescue01/secrets/stateless-uptime-kuma-password
new file mode 100644
index 0000000..85fba50
--- /dev/null
+++ b/machines/rescue01/secrets/stateless-uptime-kuma-password
@@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA wZdqi7vBlMEOJiY1VvbsmqyBSO/jl6SWLRGw+0ylKWo +UvKyh4Jh608Z9i9+6WuPu3mwnlC98aAr6jiV38JJGzk +-> ssh-ed25519 QlRB9Q +DUjR2Wqwg2SevBY+YgvLEDkcnoWGRTfcVFbl27CQT4 +poWQnP4cOQGc5Xhgrgz2KKEOJ8dB+iCcqME5D/zJv5c +-> ssh-ed25519 r+nK/Q GsidIKDaPJmx8igrgoAbWGywJQB0nV/cY8Zm0CIByho +m4HrxUhPkp7gahyLO2gfQUnglkB715jaCrADg77ns34 +-> ssh-rsa krWCLQ +VwNy3N6+l3Vgpo8AK7cJ2gRmHa+oBtB4w3n+E8gn7sugcEB16NDtjK861zwszUq7 +OfOPUZ5mE+RWz20XYWPAJIPEYNaiqc5vJzguFvZdlyJNInJLxANlIaHydE1AGA9v +l07t9PAxxV5L40EiPHxjveEKaKiAAJVbWWfILX9f4U5vjKy5729IE/3aTRUbTD/M +CXINLnzFWwDLi3x2yBrGUly2mLIb4KyDuE8jnPmtCFveKsVxVsDEeiXvi0yeT+xM +viGvXJ9Ad6tAug4BE2suqwG1iPHsa98pFBqYM8gG2rp2WOFhzs0emkTu5LGYJOMr +VR39Qxcdp1WjPr9e+l/MDQ +-> ssh-ed25519 /vwQcQ GBXHQzwSFS+abM91umquafIEcUoI407reSuULz7SGGY +WpW9aHq2Eq8pXpvGsEKoByQLj0tr04GxNQrf09ronrY +-> ssh-ed25519 0R97PA BxlIEcd6G5GDLUxgoTzyUqRRxGIx49YCZSvzjVIBdjw +oDqUd2O+oBdDrOvrQysdptF1LuvXK/dKurFnHUjgNfk +-> ssh-ed25519 JGx7Ng Km6PmwRZ9HfGjEhkgb8P+ZCt+B/C+jg9bcvdwBvrS0Q +D+UC5nkMnpYuJtz5X30iF1avU+jlEy4zOEPkyj5o2x8 +-> ssh-ed25519 5SY7Kg 3tf/eLI3ngqilOfEz8fayTDHWHNd14ANJTSt5lz1yDM +QUhDPYuiZ9YloKgYqY5UdMVmawyMAOS/T4jbpvsNJpI +-> ssh-ed25519 p/Mg4Q h/8lvmwcmoyTa6vW0N2AbgKt/dpNNqVmRW02NaYl7Wo +OaFeo+ZPa2LY5zRJzv/exq4bv734FxZwX3ql1kpv5bk +-> ssh-ed25519 +MNHsw iaiHp0x4Xzf886Q0Li6IleeO3wZUAQbYFHxn0jzdCk0 +W4gaBtwKPbonB2g9+Ts+teXPEPoWDCVoVn1vixiQ+7M +--- 1ACvcwsxZKnjgKRAzJy8e4eBtxZXrwe00wPdDlMWnBo +Œ<ƒ¼î|ë=©r<2Ÿµ.>ÃÇ~,5J² Ä … àé[ºë^+͸Z‰ñj›á×=Ï<Ï%Út뮪 \ No newline at end of file diff --git a/machines/rescue01/uptime-kuma.nix b/machines/rescue01/uptime-kuma.nix index a90c7ff..142f17e 100644 --- a/machines/rescue01/uptime-kuma.nix +++ b/machines/rescue01/uptime-kuma.nix 
@@ -1,9 +1,116 @@
+{
+ lib,
+ nodes,
+ config,
+ sources,
+ ...
+}:
 let
+ inherit (config.statelessUptimeKuma.lib)
+ pingProbesFromHive
+ fromHive
+ httpProbesFromConfig
+ probesWithTag
+ ;
 host = "status.dgnum.eu";
 port = 3001;
+
+ httpExcludes = [
+ "localhost"
+ "ens.cal.dgnum.eu"
+ "luj-current.cal.dgnum.eu"
+ "s3.dgnum.eu"
+ "cdn.dgnum.eu"
+ "saml-idp.dgnum.eu"
+ "status.dgnum.eu"
+ ] ++ nodes.web01.config.dgn-redirections.retired;
+
+ extraProbes = {
+ monitors = {
+ "prometheus.dgnum.eu" = {
+ type = lib.mkForce "http";
+ accepted_statuscodes = [ "401" ];
+ };
+ "api.meet.dgnum.eu" = {
+ keyword = "Crab Fit API";
+ };
+ };
+ };
+
+ status_pages = {
+ "dgnum" = {
+ title = "DGNum";
+ description = "Etat de l'infra de la DGNum";
+ showTags = true;
+ publicGroupList = [
+ {
+ name = "Services";
+ weight = 1;
+ monitorList = builtins.attrNames (
+ probesWithTag { name = "Service"; } config.statelessUptimeKuma.probesConfig
+ );
+ }
+ {
+ name = "Serveurs";
+ weight = 2;
+ monitorList = builtins.attrNames (
+ probesWithTag { name = "Ping"; } config.statelessUptimeKuma.probesConfig
+ );
+ }
+ {
+ name = "VPN Interne";
+ weight = 2;
+ monitorList = builtins.attrNames (
+ probesWithTag { name = "VPN"; } config.statelessUptimeKuma.probesConfig
+ );
+ }
+ ];
+ };
+ };
+
+ pingProbes = pingProbesFromHive {
+ inherit nodes;
+ mkHost = _: config: config.networking.fqdn;
+ tags = [ { name = "Ping"; } ];
+ excludes = [
+ "geo01"
+ "geo02"
+ "rescue01"
+ ];
+ };
+
+ vpnProbes = pingProbesFromHive {
+ inherit nodes;
+ prefix = "VPN - ";
+ mkHost = node: _: "${node}.dgnum";
+ tags = [ { name = "VPN"; } ];
+ excludes = [
+ "rescue01"
+ "web02"
+ ];
+ };
+
+ httpProbes = fromHive {
+ inherit nodes;
+ builder =
+ _: module:
+ httpProbesFromConfig {
+ inherit (module) config;
+ tags = [
+ {
+ name = "Host";
+ value = module.config.networking.fqdn;
+ }
+ { name = "Service"; }
+ ];
+ excludes = httpExcludes;
+ };
+ };
 in
 {
+ imports = [ (sources.stateless-uptime-kuma + "/nixos/module.nix") ];
+ nixpkgs.overlays = [ (import (sources.stateless-uptime-kuma + "/overlay.nix")) ];
 services.uptime-kuma.enable = true;
 services.nginx = {
@@ -23,4 +130,22 @@ in
 80
 443
 ];
+
+ statelessUptimeKuma = {
+ probesConfig = lib.mkMerge [
+ pingProbes
+ httpProbes
+ extraProbes
+ vpnProbes
+ { inherit status_pages; }
+ ];
+ extraFlags = [
+ "-v DEBUG"
+ "-s"
+ ];
+ host = "http://localhost:${builtins.toString port}/";
+ username = "dgnum";
+ passwordFile = config.age.secrets."stateless-uptime-kuma-password".path;
+ enableService = true;
+ };
 }
diff --git a/machines/web01/redirections.nix b/machines/web01/redirections.nix
index 6512a6e..bc613e4 100644
--- a/machines/web01/redirections.nix
+++ b/machines/web01/redirections.nix
@@ -1,4 +1,4 @@
-_:
+{ lib, config, ... }:
 let
 retired_host = "retired.dgnum.eu";
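Review bot: The `status_pages.dgnum.publicGroupList` block adds a "VPN Interne" group holding every probe tagged `VPN`, so if this status page can be viewed without logging in (the name `publicGroupList` suggests so, but the module is not visible here) it shows each node's internal `${node}.dgnum` name and its up/down state to any visitor. Consider leaving that group off the page, or record that the exposure is intended with a comment such as `# internal VPN host names are deliberately shown on the status page`. The "Serveurs" and "VPN Interne" groups both use `weight = 2`, which leaves their relative order to the tool; `weight = 3;` on the last group would make it explicit. The `accepted_statuscodes = [ "401" ]` override for prometheus.dgnum.eu would also benefit from a one-line comment, presumably `# 401 expected: the endpoint must stay behind authentication`.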
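Review bot: `extraFlags` keeps `"-v DEBUG"` as a permanent setting for a job that authenticates with `username` and `passwordFile`, so whatever the tool prints at debug level lands in the system journal on every run; what it logs is not visible here, so it is worth confirming that no request bodies or session tokens are included before leaving it on. I would drop the flag once the deployment is verified, or keep it with a comment stating why, and give `-s` a comment too, since its meaning is not evident from this file. `"-v DEBUG"` is also one list element holding two words, which only works if the module joins the flags without quoting; `"-v"` and `"DEBUG"` as separate elements would work either way. The attribute set this hunk extends opens outside the hunk.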
@@ -28,46 +28,65 @@ let
 forceSSL = true;
 };
- redirections = {
- "calendrier.eleves.ens.fr".to = "calendrier.dgnum.eu";
- "docs.beta.rz.ens.wtf".to = "pads.dgnum.eu";
- "git.rz.ens.wtf".to = "git.dgnum.eu";
- "notion.rz.ens.wtf".to = "docs.dgnum.eu";
- "nuage.beta.rz.ens.wtf".to = "cloud.dgnum.eu";
- "rdv.dgnum.eu".to = "meet.dgnum.eu";
- "www.bda.ens.fr".to = "bda.ens.fr";
- "bda.wp.dgnum.eu".to = "bda.ens.fr";
- "www.tuteurs.ens.fr".to = "tuteurs.ens.fr";
- "www.interq.ens.fr".to = "interq.ens.fr";
- "www.lanuit.ens.fr".to = "lanuit.ens.fr";
- };
-
- retired = mkSubs {
- "ens.fr" = [
- "alevins"
- "www.climatenavigator"
- ];
- "ens.wtf" = [ "photos" ];
- "rz.ens.wtf" = [
- "s3"
- "cdn"
- ];
- "beta.rz.ens.wtf" = [
- "todo"
- "minecraft"
- "factorio"
- "home"
- "pads"
- "api.pads"
- "files.pads"
- "sandbox.pads"
- "jurisprudens"
- "rstudio"
- ];
- };
+ cfg = config.dgn-redirections;
 in
 {
- services.nginx.virtualHosts = {
- ${retired_host}.default = true;
- } // (builtins.mapAttrs mkRedirection redirections) // (mkRetired retired);
+ options.dgn-redirections = {
+ redirections = lib.mkOption {
+ type =
+ with lib.types;
+ attrsOf (submodule {
+ options.to = lib.mkOption { type = str; };
+ });
+ default = { };
+ };
+ retired = lib.mkOption {
+ type = with lib.types; listOf str;
+ default = [ ];
+ };
+ };
+ config = {
+ dgn-redirections = {
+ redirections = {
+ "calendrier.eleves.ens.fr".to = "calendrier.dgnum.eu";
+ "docs.beta.rz.ens.wtf".to = "pads.dgnum.eu";
+ "git.rz.ens.wtf".to = "git.dgnum.eu";
+ "notion.rz.ens.wtf".to = "docs.dgnum.eu";
+ "nuage.beta.rz.ens.wtf".to = "cloud.dgnum.eu";
+ "rdv.dgnum.eu".to = "meet.dgnum.eu";
+ "www.bda.ens.fr".to = "bda.ens.fr";
+ "bda.wp.dgnum.eu".to = "bda.ens.fr";
+ "www.tuteurs.ens.fr".to = "tuteurs.ens.fr";
+ "www.interq.ens.fr".to = "interq.ens.fr";
+ "www.lanuit.ens.fr".to = "lanuit.ens.fr";
+ };
+
+ retired = mkSubs {
+ "ens.fr" = [
+ "alevins"
+ "www.climatenavigator"
+ ];
+ "ens.wtf" = [ "photos" ];
+ "rz.ens.wtf" = [
+ "s3"
+ "cdn"
+ ];
+ "beta.rz.ens.wtf" = [
+ "todo"
+ "minecraft"
+ "factorio"
+ "home"
+ "pads"
+ "api.pads"
+ "files.pads"
+ "sandbox.pads"
+ "jurisprudens"
+ "rstudio"
+ ];
+ };
+ };
+ services.nginx.virtualHosts = {
+ ${retired_host}.default = true;
+ } // (builtins.mapAttrs mkRedirection cfg.redirections) // (mkRetired cfg.retired);
+ };
 }
diff --git a/npins/sources.json b/npins/sources.json
index f119be3..9f32600 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -167,6 +167,17 @@
 "url": "https://github.com/cachix/pre-commit-hooks.nix/archive/40e6053ecb65fcbf12863338a6dcefb3f55f1bf8.tar.gz",
 "hash": "0xibcl3546fqv9g2wmjv6350glp61ld3m8n5yqjx0y5dn73apj4w"
 },
+ "stateless-uptime-kuma": {
+ "type": "Git",
+ "repository": {
+ "type": "Git",
+ "url": "https://git.dgnum.eu/mdebray/stateless-uptime-kuma"
+ },
+ "branch": "master",
+ "revision": "c6baf60295e4bee4e4c13cf5c628ccd3ab89b141",
+ "url": null,
+ "hash": "1ivkvvq4jz5kh873jppypnhzm3vb8gdrvia7zsy67p6wnvzvhxkv"
+ },
 "wp4nix": {
 "type": "Git",
 "repository": {
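Review bot: The new `options.dgn-redirections.redirections` and `options.dgn-redirections.retired` declarations carry no `description`, although this commit turns `retired` into an interface that another machine reads (`nodes.web01.config.dgn-redirections.retired` feeds `httpExcludes` in uptime-kuma.nix). A line such as `description = "Retired host names; entries listed here are also excluded from HTTP monitoring on rescue01.";` on `retired`, and a matching one on `redirections`, would make it clear that adding a host here silently removes its probe. `mkSubs`, `mkRedirection` and `mkRetired` are defined outside the hunk, so that `mkSubs` returns a value fitting `listOf str` is assumed rather than checked here.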