feat(status01): init #11

Merged
cst1 merged 6 commits from status_init into main 2024-12-07 16:26:03 +01:00
14 changed files with 356 additions and 5 deletions


@ -71,7 +71,7 @@ in
{
nodes = builtins.mapAttrs (
host: { site, ... }: "${host}.${site}.infra.dgnum.eu"
host: { site, ... }: "${host}.${site}.lab.infra.dgnum.eu"
) (import ./meta/nodes.nix);
mkCacheSettings = import ./machines/storage01/tvix-cache/cache-settings.nix;
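Review bot: The hive now names nodes `"${host}.${site}.lab.infra.dgnum.eu"` (line 13), while the new modules/lab-network.nix in this PR sets `networking.domain = "${nodeMeta.site}.infra.lab.dgnum.eu"`, so a node's `networking.fqdn` and its hive name disagree on the order of `lab` and `infra`. The status01 ping probes build their targets from `config.networking.fqdn`, so whichever suffix the DNS zone actually serves, one of the two forms will resolve and the other will not. Pick one suffix and derive both from it, e.g. `domain = "${nodeMeta.site}.lab.infra.dgnum.eu";` in lab-network.nix if the hive naming is the intended one. The enclosing attribute set continues on both sides of this hunk.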


@ -14,6 +14,7 @@ rec {
_keys = (import "${_sources.infrastructure}/keys")._keys // {
krz01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4o65gWOgNrxbSd3kiQIGZUM+YD6kuZOQtblvzUGsfB" ];
router02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5t0InDV9nTLEqXrenqMJZAjkCAmfzHk6LLLHme3k3j" ];
status01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQFCsn/8c46O7JLx0QYdbZsXnS+NYtsgUNHPd2Toksj" ];
};
getKeys = ls: builtins.concatLists (builtins.map (getAttr _keys) ls);


@ -27,6 +27,8 @@ with dns.lib.combinators;
homebox = host "129.199.146.102" null;
status = host "129.199.146.103" null;
# Nameservers
ns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26";


@ -0,0 +1,24 @@
{ lib, ... }:
lib.extra.mkConfig {
enabledModules = [
# List of modules to enable
];
enabledServices = [
# List of services to enable
"nginx"
"uptime-kuma"
];
extraConfig = {
networking = {
firewall.allowedTCPPorts = [
80
443
];
};
};
root = ./.;
}
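Review bot: `firewall.allowedTCPPorts = [ 80 443 ]` in `extraConfig` (lines 50-53) duplicates the identical `networking.firewall.allowedTCPPorts = [ 80 443 ];` in the status01 uptime-kuma module added by this PR; list options merge, so nothing breaks, but the host-level override is the less obvious of the two places to find it. Keeping the ports next to the nginx virtual host that needs them and dropping the `networking` block from `extraConfig` leaves a single place to update when the exposed ports change.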


@ -0,0 +1,34 @@
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
loader.systemd-boot.enable = true;
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
};
fileSystems."/" = {
device = "/dev/disk/by-partlabel/disk-sda-root";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-partlabel/disk-sda-ESP";
fsType = "vfat";
};
networking.useDHCP = lib.mkDefault false;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


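--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,10 @@
+{
+services.nginx = {
+enable = true;
+recommendedTlsSettings = true;
+recommendedOptimisation = true;
+recommendedGzipSettings = true;
+recommendedProxySettings = true;
+clientMaxBodySize = "500m";
+};
+}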
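Review bot: `clientMaxBodySize = "500m"` (line 101) is far above what the only upstream on this host, uptime-kuma behind the `/` proxy, needs, and reads like a value carried over from another machine's nginx profile; if it is intentional it deserves a comment such as `# large uploads needed for <reason>`, otherwise the nginx default or something like `clientMaxBodySize = "10m";` is enough and limits what an unauthenticated client can push at the proxy. `services.nginx.enable = true` is also set again in the uptime-kuma module of this PR; harmless, but one of the two could go.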


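--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,4 @@
+(import ../../../keys).mkSecrets [ "status01" ] [
+# List of secrets for router02
+"stateless-uptime-kuma-password"
+]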
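Review bot: The comment `# List of secrets for router02` (line 109) is stale: this file registers secrets for `"status01"` (line 108), so it should read `# List of secrets for status01`.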


@ -0,0 +1,39 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA 53kqaGHoIiBW34TabFATNf+2Nju2FAQm5euxBlp4L2E
65jmuV2qa4FggzatITYncVQNSYTRtKEFZsBbtkQ487A
-> ssh-ed25519 QlRB9Q VwYIAUut50rqvm4nOUZf6Sp/HzyfE1Fg6JSsMF0H53s
euInJsL53RwaCza7OTZNRx+swsXcnN9FUMFMgmSnLug
-> ssh-ed25519 r+nK/Q 4ZxPhgovFEX8cX3mEarpl83i4Gg1IjDBdFwqlqt0p0E
n0oIgVJbCV9wd8GgPm4zDSKU+WPxrpXe1hNOH0M9orE
-> ssh-rsa krWCLQ
QxjqLVS1ANlU4kOSq9ybEHLlTrC9V9l5kQAakG9FLvGg6J88MM5v2oJzqN0MdRMy
HC26YFwibUMrues0qXfEYAx3uuss2TS82XAlZPGC4/dn31czI7mTjgbkkwVZZ1ED
SP8VWCAb/zjJoN+cSiVsTbu++b5dnavI2HrEA45pGopkG0usJE8Llr7kI/1Pb5Hi
GaYdjBk5MVrA+K8PTRJ3OdDM3aTKFaoPS5vgWM2RfSSkhVK51fKxIWkiphk5hZ7l
dmHk9qNiwZkg2wWp0W4pBCbHRzoIT2osNlbsO1IpsaNrVijrvxg5qHUHa1uqw5pB
fJ/7dh59Ckc6FkE7Mka1EQ
-> ssh-ed25519 /vwQcQ h3/pglzg2HhJ9AYixQgm//hDDfKwDm0qfdEYj94FF0Y
mJh35flVyki/cpuIlHMR2j2WI35W/HarJzJBvpa2hps
-> ssh-ed25519 0R97PA FKZr+kWHbRcZ0Ne6KdCH6mALFgTjAzquDyw3/HvTHXA
m0hzEpVB0n8LXEjFompdmDbGQQSEvXhQrxJWaCAhziA
-> ssh-ed25519 JGx7Ng TjvfKNCJIf8wW4p4VurJG4Ynl/s9ZoDndcP9GQs7K24
5Ps+MgsCaws3PKv1EFPHv1BdZVD4u/DfPiNgxTIEPDI
-> ssh-ed25519 bUjjig UEHCVJRj+Np4EvAUacUKaEIEtcv/92h/mdxpqwW9XjQ
nQfWPkwJ7MufMbTJ1ktE3skBxKu89ps7b/P48bevkwM
-> ssh-ed25519 5SY7Kg wP8S7omqt+wibyrLGdwChOilKLhlk3Uttouofrvn6Hg
PeHvagZGw11Jq8NZFi6Pvh+XSNgklY/235YKhUPogN4
-> ssh-ed25519 p/Mg4Q SC0lkuoNTFyPzVWW+CFQfsV5thLhnAlNMlW6r/M70WA
DR1hkNnQ1xOwSC6gk0i33Tn52iDNqsszPmxBrSS2/aU
-> ssh-ed25519 5rrg4g isrznX6EZE5Do1eNekhqaR/ZFeiMIzkk+y3+nIJ3dTM
nxLDqq/xhgCWQKlolE+7u06j3GrMKxSAirkDl5Y8zzA
-> ssh-ed25519 oRtTqQ GvvIExclzvOhzRs9TqSyPUMpPvFDcwOkthEKgxoOH3I
LkdOSCDASTS9EryBmarT9m2TVL3aafeN+FVGSyxN9AY
-> ssh-ed25519 F2C+8w USOT3pzvufIWjz7zelcMDACuyGAbwHfJ1wQc0Z5aS0A
ZnuvqZ0NdgmpDSc//c99j2X+B0FvioLS1eBC4mX9PQ0
-> ssh-ed25519 LCTbpA SLX/uFy8NniL/3dG2sOWFJqelwbcRC5UA+Ji7pYAFlQ
ckIg5nwZSsM1DAMT9DN2LPKnlQTQye54YUmHYDJ4rp4
-> +ka/`8V-grease `iuUWsh
61TbfYZeLgnlK2g7xDxOvPyZx1i1WlkyM6HtZVUUlUag0+k2mF2kuANCsm8GDJd4
qFDrRc6wmaCRnVf78HSdIJXKviR4QlxNXDnpTeh1jFGtIW4GXVHp
--- S/VYe23MY+e4qRXq615pCpV2VYHJF+s3ioeIEDaKPA8
n~,ló̓ŽSïD10<31>“àBFjºÞ1çbÃU©íš>Ö½íø˹Ýâ{÷§b$ϧ


@ -0,0 +1,139 @@
{
config,
lib,
nodes,
sources,
...
}:
let
inherit (lib) concatLists mapAttrsToList mkMerge;
inherit (config.statelessUptimeKuma.lib)
pingProbesFromHive
fromHive
httpProbesFromConfig
probesWithTag
;
probesCfg = config.statelessUptimeKuma.probesConfig;
mkMonitors = name: builtins.attrNames (probesWithTag { inherit name; } probesCfg);
host = "status.lab.dgnum.eu";
port = 3001;
httpExcludes = [
"localhost"
] ++ (concatLists (mapAttrsToList (_: { config, ... }: config.dgn-redirections.retired) nodes));
extraProbes = {
monitors = {
# NOTE: Empty
};
};
status_pages = {
"dgnum" = {
title = "DGNum";
description = "Etat de l'infra du lab de la DGNum";
showTags = true;
publicGroupList = [
{
name = "Services";
weight = 1;
monitorList = mkMonitors "Service";
}
{
name = "Serveurs";
weight = 2;
monitorList = mkMonitors "Ping";
}
#{
# name = "VPN Interne";
# weight = 2;
# monitorList = mkMonitors "VPN";
#}
];
};
};
pingProbes = pingProbesFromHive {
inherit nodes;
mkHost = _: config: config.networking.fqdn;
tags = [ { name = "Ping"; } ];
excludes = [
"status01"
"labcore01"
];
};
#vpnProbes = pingProbesFromHive {
# inherit nodes;
# prefix = "VPN - ";
# mkHost = node: _: "${node}.dgnum";
# tags = [ { name = "VPN"; } ];
# excludes = [
# "web02"
# "status01"
# ];
#};
httpProbes = fromHive {
inherit nodes;
builder =
_: module:
httpProbesFromConfig {
inherit (module) config;
tags = [
{
name = "Host";
value = module.config.networking.fqdn;
}
{ name = "Service"; }
];
excludes = httpExcludes;
};
};
in
{
imports = [ (sources.stateless-uptime-kuma + "/nixos/module.nix") ];
nixpkgs.overlays = [ (import (sources.stateless-uptime-kuma + "/overlay.nix")) ];
services.uptime-kuma.enable = true;
services.nginx = {
enable = true;
virtualHosts.${host} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
proxyWebsockets = true;
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
statelessUptimeKuma = {
probesConfig = mkMerge [
pingProbes
httpProbes
extraProbes
#vpnProbes
{ inherit status_pages; }
];
extraFlags = [ "-s" ];
host = "http://localhost:${builtins.toString port}/";
username = "dgnum-lab";
passwordFile = config.age.secrets."stateless-uptime-kuma-password".path;
enableService = true;
};
}
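Review bot: The public name `host = "status.lab.dgnum.eu"` (line 176) drives both the nginx virtual host and the ACME certificate, but the DNS hunk in this PR only adds a `status` record next to `homebox` in whatever zone that file describes; unless that zone is `lab.dgnum.eu`, the name will not resolve to 129.199.146.103 and the HTTP-01 challenge fails on first activation, so it is worth confirming the record lands in the lab zone. `httpExcludes` also reads `config.dgn-redirections.retired` from every node in `nodes` (line 180), which makes evaluation of status01 depend on every lab node importing that module; if that is not guaranteed, `(config.dgn-redirections.retired or [ ])` keeps a node without the option from breaking the status host's evaluation.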


@ -97,4 +97,21 @@
hostId = "bcf8ff03";
};
status01 = {
interfaces = {
ens18 = {
ipv4 = [
{
address = "129.199.146.103";
prefixLength = 24;
}
];
gateways = [ "129.199.146.254" ];
enableDefaultDNS = true;
};
};
hostId = "7ce86f3d";
};
}
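Review bot: The new modules/lab-network.nix `mkInterface` reads `net.ipv6`, `net.DHCP` and `net.dns` for each interface, but the status01 entry here (lines 287-298) provides only `ipv4`, `gateways` and `enableDefaultDNS`, and `enableDefaultDNS` is not consumed by that module at all. Unless `meta.network` is declared as typed options with defaults somewhere outside this diff, evaluating status01 fails on the missing `ipv6` attribute, and even with defaults the DNS setting appears to be silently ignored; either add `ipv6 = [ ];` plus the `dns`/`DHCP` values here, or have the module use `net.ipv6 or [ ]` and map `enableDefaultDNS` onto its `dns` value. The attribute set this hunk extends starts before line 284.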


@ -66,6 +66,14 @@
hashedPassword = "$y$j9T$aFhOWa05W7VKeKt3Nc.nA1$uBOvG4wf7/yWjwOxO8NLf9ipCsAkS1.5cD2EJpLx57A";
stateVersion = "24.05";
nixpkgs = "unstable";
};
status01 = {
site = "pav01";
hashedPassword = "$y$j9T$eNZQgDN.J5y7KTG2hXgat1$J1i5tjx5dnSZu.C9B7swXi5zMFIkUnmRrnmyLHFAt8/";
stateVersion = "24.05";
nixpkgs = "unstable";
};


@ -1,8 +1,11 @@
{ lib, sources, ... }:
{
imports = (lib.extra.mkImports ./. [ "lab-acme" ]) ++ [
"${sources."microvm.nix"}/nixos-modules/host"
];
imports =
(lib.extra.mkImports ./. [
"lab-acme"
"lab-network"
])
++ [ "${sources."microvm.nix"}/nixos-modules/host" ];
dgn-notify.enable = false;

modules/lab-network.nix Normal file

@ -0,0 +1,59 @@
{
config,
lib,
meta,
name,
nodeMeta,
...
}:
let
inherit (lib)
mapAttrs'
mkEnableOption
mkIf
mkForce
;
net' = meta.network.${name};
mkAddress = { address, prefixLength, ... }: "${address}/${builtins.toString prefixLength}";
mkRoute = gateway: {
routeConfig = {
Gateway = gateway;
GatewayOnLink = true;
};
};
mkInterface = interface: net: {
name = "10-${interface}";
value = {
name = interface;
address = builtins.map mkAddress (net.ipv4 ++ net.ipv6);
routes = builtins.map mkRoute net.gateways;
inherit (net) DHCP dns;
};
};
cfg = config.lab-network;
in
{
options.lab-network.enable = mkEnableOption "automatic network configuration based on metadata" // {
default = true;
};
config = mkIf cfg.enable (mkForce {
networking = {
inherit (net') hostId;
hostName = name;
domain = "${nodeMeta.site}.infra.lab.dgnum.eu";
useNetworkd = true;
firewall.logRefusedConnections = false;
};
systemd.network.networks = mapAttrs' mkInterface net'.interfaces;
});
}
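Review bot: `mkForce` is applied to the whole `config` attribute set (line 376), so every option it touches — `networking.hostName`, `domain`, `useNetworkd`, `firewall.logRefusedConnections` and each `systemd.network.networks."10-*"` entry — silently wins over any other module's definition instead of surfacing a conflict, and because `lab-network.enable` defaults to `true` (line 374) this applies to every lab host. Narrowing the force to the one or two options known to collide, or dropping it until a conflict actually appears, keeps the module system's conflict errors useful. In the same vein, `net' = meta.network.${name}` (line 353) is evaluated for every host with the default enabled, so a lab host with no `meta.network` entry fails to evaluate instead of simply getting no network config; `default = meta.network ? ${name};` would make the module opt itself out. If these hosts track nixpkgs unstable as the node metadata in this PR suggests, the `routeConfig = { ... }` wrapper in `mkRoute` (line 356) is the older form that newer module versions flag as deprecated in favour of putting `Gateway`/`GatewayOnLink` directly on the route entry, so expect a warning there.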


@ -197,6 +197,17 @@
"revision": "950e4cccac0f942076e8558f7f9f4d496cabfb18",
"url": "https://github.com/SaumonNet/proxmox-nixos/archive/950e4cccac0f942076e8558f7f9f4d496cabfb18.tar.gz",
"hash": "0bhqw42ydc0jfkfqw64xsg518a1pbxnvpqw92nna7lm8mzpxm6d4"
},
"stateless-uptime-kuma": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/DGNum/stateless-uptime-kuma"
},
"branch": "master",
"revision": "880f444ff7862d6127b051cf1a993ad1585b1652",
"url": null,
"hash": "166057469hhxnyqbpd7jjlccdmigzch51616n1d5r617xg0y1mwp"
}
},
"version": 3