the-distro/infra
9
0
Fork 5
Code Issues 35 Pull requests 6 Packages Projects 1 Releases Wiki Activity

feat(monitoring): add uptime-kuma for status page, see #97 #118

Open
kiaragrouwstra wants to merge 6 commits from kiaragrouwstra/infra:feature-service-uptime-kuma into main
pull from: kiaragrouwstra/infra:feature-service-uptime-kuma
merge into: the-distro:main
Conversation 6 Commits 6 Files changed 7 +122
kiaragrouwstra commented 2024-09-27 06:51:48 +00:00
First-time contributor
Copy link

Adds a config for a status page using uptime-kuma.
Open questions here included:

  • what machine to run this on
    (and if a new one how to configure their network bits);
  • who could help set the secret in the age file;
  • who could set up the application password (currently a manual step in
    services.uptime-kuma), after which the stateless client can be re-built;
  • what to monitor -- i for now commented some sub-domains i could not
    publicly access to test.
Adds a config for a status page using uptime-kuma. Open questions here included: - what machine to run this on (and if a new one how to configure their network bits); - who could help set the secret in the age file; - who could set up the application password (currently a manual step in services.uptime-kuma), after which the stateless client can be re-built; - what to monitor -- i for now commented some sub-domains i could not publicly access to test.
kiaragrouwstra added 1 commit 2024-09-27 06:51:52 +00:00 
Adds a config for a status page using uptime-kuma.
Open questions here included:
- what machine to run this on
(and if a new one how to configure their network bits);
- who could help set the secret in the age file;
- who could set up the application password (currently a manual step in
services.uptime-kuma), after which the stateless client can be re-built;
- what to monitor -- i for now commented some sub-domains i could not
publicly access to test.
janik requested changes 2024-09-28 17:47:47 +00:00
janik left a comment
Owner
Copy link

what machine to run this on

I think we should add this to public01.

who could help set the secret in the age file;

That would be @raito afaik.
(btw we should document the secret management)

who could set up the application password (currently a manual step in services.uptime-kuma), after which the stateless client can be re-built;

Isn't the passwordFile set using agenix in line 82 or does someone have to ssh onto the host and run some uptime-kuma management command? (I'm unfamiliar with uptime-kuma)

what to monitor -- i for now commented some sub-domains i could not publicly access to test.

Anything with a public facing web interface, which should basically be everything.
You might not be able to access domains such as fodwatch or news at the time because we (try to) shut down the bare metal servers if the services aren't actively in use.

> what machine to run this on I think we should add this to public01. > who could help set the secret in the age file; That would be @raito afaik. (btw we should document the secret management) > who could set up the application password (currently a manual step in services.uptime-kuma), after which the stateless client can be re-built; Isn't the passwordFile set using agenix in line 82 or does someone have to ssh onto the host and run some uptime-kuma management command? (I'm unfamiliar with uptime-kuma) > what to monitor -- i for now commented some sub-domains i could not publicly access to test. Anything with a public facing web interface, which should basically be everything. You might not be able to access domains such as fodwatch or news at the time because we (try to) shut down the bare metal servers if the services aren't actively in use.
services/uptime-kuma/default.nix Outdated
@ -0,0 +5,4 @@
...
}:
let
subdomains = [
janik commented 2024-09-28 17:27:09 +00:00
Owner
Copy link

It would be preferable to pull the domain information from the terraform/dnsimple.nix, so we avoid maintaining the list of domains twice.

It would be preferable to pull the domain information from the `terraform/dnsimple.nix`, so we avoid maintaining the list of domains twice.
raito commented 2024-09-28 20:00:45 +00:00
Owner
Copy link

This should probably be injected via specialArgs I assume to make it available.

This should probably be injected via `specialArgs` I assume to make it available.
kiaragrouwstra commented 2024-09-28 20:47:59 +00:00
Author
First-time contributor
Copy link

hm. i agree, tho i'm not entirely sure yet what the best approach would here.
if the file were imported (edit: / injected) i'm under the impression it would go thru a mkIf check.
maybe the data-y bits could be e.g. factored out into a separate file to reuse from both uptime-kuma (if not also from gandi which has lotsa overlap with dnsimple)?
feedback welcome. 😶

hm. i agree, tho i'm not entirely sure yet what the best approach would here. if the file were `import`ed (edit: / injected) i'm under the impression it would go thru a `mkIf` check. maybe the data-y bits could be e.g. factored out into a separate file to reuse from both `uptime-kuma` (if not also from `gandi` which has lotsa overlap with `dnsimple`)? feedback welcome. 😶
raito commented 2024-09-28 21:16:01 +00:00
Owner
Copy link

Let's keep it simple for now, we can do it in a further PR. It's unclear how to extract the data-y bits, maybe Terranix could expose a data-only module we could re-import in the whole expr, unclear to me yet.

Let's keep it simple for now, we can do it in a further PR. It's unclear how to extract the data-y bits, maybe Terranix could expose a data-only module we could re-import in the whole expr, unclear to me yet.
👍 1
services/uptime-kuma/default.nix
@ -0,0 +26,4 @@
# "news"
];
host = "status.forkos.org";
janik commented 2024-09-28 17:28:19 +00:00
Owner
Copy link

Please add the domain to terraform ^^

Please add the domain to terraform ^^
👍 1
services/uptime-kuma/default.nix
@ -0,0 +29,4 @@
host = "status.forkos.org";
port = 3001;
in
{
janik commented 2024-09-28 17:33:16 +00:00
Owner
Copy link

Please guard the config behind a mkIf with an enable option like options.bagel.status.enable = mkEnableOption "status page";. Currently, applying this change would enable this service on every host.

Please guard the config behind a mkIf with an enable option like `options.bagel.status.enable = mkEnableOption "status page";`. Currently, applying this change would enable this service on every host.
👍 1
raito marked this conversation as resolved
services/uptime-kuma/default.nix Outdated
@ -0,0 +31,4 @@
in
{
imports = [ "${inputs.stateless-uptime-kuma}/nixos/module.nix" ];
nixpkgs.overlays = [ (import "${inputs.stateless-uptime-kuma}/overlay.nix") ];
janik commented 2024-09-28 17:30:05 +00:00
Owner
Copy link

We maintain all the input related overlays directly in the flake.nix.

We maintain all the input related overlays directly in the flake.nix.
👍 1
raito commented 2024-09-28 19:59:59 +00:00
Owner
Copy link

Yeah, all modules and overlays should be applied uniformly to all machines.

Yeah, all modules and overlays should be applied uniformly to all machines.
👍 1
raito marked this conversation as resolved
services/uptime-kuma/default.nix Outdated
@ -0,0 +35,4 @@
services.uptime-kuma.enable = true;
services.nginx = {
janik commented 2024-09-28 17:35:18 +00:00
Owner
Copy link

The nginx stuff is fine for now, but we should generalize proxying a bit in the future. (having every service add their own firewall rules, and nginx config is redundant and error prone)

The nginx stuff is fine for now, but we should generalize proxying a bit in the future. (having every service add their own firewall rules, and nginx config is redundant and error prone)
👍 1
raito marked this conversation as resolved
raito commented 2024-09-28 20:01:00 +00:00
Owner
Copy link

@kiaragrouwstra I'm available to help you get this PR to the finishline, if you need my help on anything.

@kiaragrouwstra I'm available to help you get this PR to the finishline, if you need my help on anything.
kiaragrouwstra added 1 commit 2024-09-28 20:15:09 +00:00
kiaragrouwstra added 1 commit 2024-09-28 20:18:22 +00:00
kiaragrouwstra added 1 commit 2024-09-28 20:20:57 +00:00
kiaragrouwstra added 1 commit 2024-09-28 20:22:43 +00:00
kiaragrouwstra added 1 commit 2024-09-28 20:25:16 +00:00
kiaragrouwstra commented 2024-09-28 20:57:20 +00:00
Author
First-time contributor
Copy link

i pushed updates to address some of the feedback now.

who could set up the application password (currently a manual step in services.uptime-kuma), after which the stateless client can be re-built;

Isn't the passwordFile set using agenix in line 82 or does someone have to ssh onto the host and run some uptime-kuma management command? (I'm unfamiliar with uptime-kuma)

i thought so too.
unfortunately, as it turns out, the credential popped in there is essentially for a client thing to access the actual service so as to populate it declaratively from nix.
as such, it seems that the service itself at present still needs to manually be assigned those seemed credentials imperatively right now.

i pushed updates to address some of the feedback now. > > who could set up the application password (currently a manual step in services.uptime-kuma), after which the stateless client can be re-built; > > Isn't the passwordFile set using agenix in line 82 or does someone have to ssh onto the host and run some uptime-kuma management command? (I'm unfamiliar with uptime-kuma) i thought so too. unfortunately, as it turns out, the credential popped in there is essentially for a client thing to access the actual service so as to populate it declaratively from nix. as such, it seems that the service itself at present still needs to manually be assigned those seemed credentials imperatively right now.
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u feature-service-uptime-kuma:kiaragrouwstra-feature-service-uptime-kuma
git checkout kiaragrouwstra-feature-service-uptime-kuma

Merge

Merge the changes and update on Forgejo.
git checkout main
git merge --no-ff kiaragrouwstra-feature-service-uptime-kuma
git checkout main
git merge --ff-only kiaragrouwstra-feature-service-uptime-kuma
git checkout kiaragrouwstra-feature-service-uptime-kuma
git rebase main
git checkout main
git merge --no-ff kiaragrouwstra-feature-service-uptime-kuma
git checkout main
git merge --squash kiaragrouwstra-feature-service-uptime-kuma
git checkout main
git merge --ff-only kiaragrouwstra-feature-service-uptime-kuma
git checkout main
git merge kiaragrouwstra-feature-service-uptime-kuma
git push origin main
Sign in to join this conversation.
Reviewers
No reviewers
janik
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: the-distro/infra#118
No description provided.
Delete branch "kiaragrouwstra/infra:feature-service-uptime-kuma"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?