feat(monitoring): add uptime-kuma for status page, see #97

Adds a config for a status page using uptime-kuma.
Open questions here included:
- what machine to run this on
(and if a new one how to configure their network bits);
- who could help set the secret in the age file;
- who could set up the application password (currently a manual step in
services.uptime-kuma), after which the stateless client can be re-built;
- what to monitor -- i for now commented some sub-domains i could not
publicly access to test.

flake.lock

@@ -715,6 +715,7 @@
         ],
         "nix-gerrit": "nix-gerrit",
         "nixpkgs": "nixpkgs_2",
+        "stateless-uptime-kuma": "stateless-uptime-kuma",
         "terranix": "terranix"
       }
     },
@@ -763,6 +764,22 @@
         "type": "github"
       }
     },
+    "stateless-uptime-kuma": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1713725430,
+        "narHash": "sha256-e3a4/7bc3GO8/kfFndtDa4/6ob3+XjkOgrN8SfDec8c=",
+        "ref": "refs/heads/master",
+        "rev": "c6baf60295e4bee4e4c13cf5c628ccd3ab89b141",
+        "revCount": 22,
+        "type": "git",
+        "url": "https://git.dgnum.eu/DGNum/stateless-uptime-kuma.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.dgnum.eu/DGNum/stateless-uptime-kuma.git"
+      }
+    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,

flake.nix

@@ -28,6 +28,9 @@
     channel-scripts.url = "git+https://git.lix.systems/the-distro/channel-scripts.git";
     channel-scripts.inputs.nixpkgs.follows = "nixpkgs";
 
+    stateless-uptime-kuma.url = "git+https://git.dgnum.eu/DGNum/stateless-uptime-kuma.git";
+    stateless-uptime-kuma.flake = false;
+
     lix.follows = "hydra/lix";
 
     grapevine = {

services/default.nix

@@ -5,6 +5,7 @@
     ./hydra
     ./matrix
     ./monitoring
+    ./uptime-kuma
     ./netbox
     ./ofborg
     ./postgres

services/uptime-kuma/default.nix

@@ -0,0 +1,85 @@
+{
+  inputs,
+  lib,
+  config,
+  ...
+}:
+let
+  subdomains = [
+    "cl"
+    "netbox"
+    "cache"
+    "grafana"
+    "hydra"
+    "loki"
+    "mimir"
+    "pyroscope"
+    "matrix"
+    # "tempo"
+    # "amqp"
+    # "fodwatch"
+    # "git"
+    # "alerts"
+    # "buildbot"
+    # "b"
+    # "postgres"
+    # "news"
+  ];
+
+  host = "status.forkos.org";
+  port = 3001;
+in
+{
+  imports = [ "${inputs.stateless-uptime-kuma}/nixos/module.nix" ];
+  nixpkgs.overlays = [ (import "${inputs.stateless-uptime-kuma}/overlay.nix") ];
+
+  services.uptime-kuma.enable = true;
+
+  services.nginx = {
+    enable = true;
+    virtualHosts.${host} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${builtins.toString port}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  statelessUptimeKuma = {
+    probesConfig = {
+      monitors = lib.genAttrs subdomains (name: {
+        type = "http";
+        url = "https://${name}.forkos.org/";
+        tags = [];
+      });
+      status_pages = {
+        "forkos" = {
+          title = "ForkOS";
+          description = "health of the ForkOS infra";
+          showTags = true;
+          publicGroupList = [
+            {
+              name = "Services";
+              weight = 1;
+              monitorList = lib.genAttrs subdomains (id: {
+                inherit id;
+              });
+            }
+          ];
+        };
+      };
+    };
+    extraFlags = [ "-s" ];
+    host = "http://localhost:${builtins.toString port}/";
+    username = "forkos";
+    passwordFile = config.age.secrets."stateless-uptime-kuma-password".path;
+    enableService = true;
+  };
+}