users: add mdebray

2022-03-08 19:39:29 +01:00 · 2022-03-08 19:39:29 +01:00 · 3cec747997
commit 3cec747997
parent 2ca5ba1718
3 changed files with 78 additions and 0 deletions
--- a/profiles/core-hackens/personal-users.nix
+++ b/profiles/core-hackens/personal-users.nix
@ -12,6 +12,11 @@
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keyFiles = [ ../../pubkeys/gdd.keys ];
    };
+    mdebray = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+      openssh.authorizedKeys.keyFiles = [ ../../pubkeys/sinavir.keys ];
+    };
    root.openssh.authorizedKeys.keyFiles = [ ../../pubkeys/beigbeder.keys ]; # Jacques Beigbeder est tjrs root.
  };
 }
--- a/profiles/monitoring.nix
+++ b/profiles/monitoring.nix
@ -0,0 +1,72 @@
+{ pkgs, config, ... }:
+{
+  # Monitoring
+  services.netdata.enable = true;
+  systemd.services.netdata.restartTriggers = map (name: config.environment.etc."netdata/${name}.conf".source) [
+    "health_alarm_notify"
+    "stream"
+    "fping"
+  ];
+  environment.etc."netdata/stream.conf" = {
+    user = "netdata";
+    group = "netdata";
+    mode = "0600";
+    text = ''
+      # hackens-desktop
+      [074e699a-4206-4e13-baa7-e4524326f1e0]
+        enabled = yes
+        default history = 3600
+        default memory mode = dbengine
+        health enabled by default = auto
+        allow from = 192.168.1.117, 2001:470:1f13:21d:49fd:1d82:d2ff:d868
+
+      # hackens-openwrt
+      [cab3fe1e-576b-420d-b301-84308e44f340]
+        enabled = yes
+        default history = 3600
+        default memory mode = dbengine
+        health enabled by default = auto
+        allow from = 192.168.1.1, 2001:470:1f13:21d::1
+    '';
+  };
+  environment.etc."netdata/health_alarm_notify.conf" = {
+    user = "netdata";
+    group = "netdata";
+    mode = "0600";
+    text = ''
+      # External tools
+      nc="${pkgs.netcat}/bin/nc"
+
+      # IRC configuration
+      SEND_IRC="YES"
+      DEFAULT_RECIPIENT_IRC="#hackens-status"
+      IRC_NETWORK="ens.wtf"
+      IRC_NICKNAME="hackens"
+      IRC_REALNAME="hackENS netdata monitoring"
+    '';
+  };
+  environment.etc."netdata/fping.conf" = {
+    user = "netdata";
+    group = "netdata";
+    mode = "0600";
+    text = ''
+      fping="${pkgs.fping}/bin/fping"
+      hosts="hackens.org hack.ens.fr sas.eleves.ens.fr argonaut.ens.wtf clipper.ens.fr merle.eleves.ens.fr"
+    '';
+  };
+  services.smartd.enable = true;
+  services.smartd.extraOptions = [ "-A /var/log/smartd/" ]; # For netdata.
+
+  # MQTT for every usage, notably OctoPrint events.
+  services.mosquitto = {
+    enable = true;
+    listeners = [
+      {
+        address = "192.168.1.118";
+      }
+    ];
+    settings = {
+      # allow_anonymous = true;
+    };
+  };
+}
--- a/pubkeys/sinavir.keys
+++ b/pubkeys/sinavir.keys
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o`