the-distro/infra
9
0
Fork 5
Code Issues 39 Pull requests 6 Projects 1 Releases Packages Wiki Activity

feat(monitoring): add uptime-kuma for status page, see #97 #118

Merged
raito merged 1 commit from kiaragrouwstra/infra:feature-service-uptime-kuma into main 2024-10-01 16:13:27 +00:00
Conversation 9 Commits 1 Files changed 7 +122
7 changed files with 122 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit df7ad30882 - Show all commits

17
flake.lock
View file

@ -715,6 +715,7 @@
],
"nix-gerrit": "nix-gerrit",
"nixpkgs": "nixpkgs_2",
"stateless-uptime-kuma": "stateless-uptime-kuma",
"terranix": "terranix"
}
},
@ -763,6 +764,22 @@
"type": "github"
}
},
"stateless-uptime-kuma": {
"flake": false,
"locked": {
"lastModified": 1713725430,
"narHash": "sha256-e3a4/7bc3GO8/kfFndtDa4/6ob3+XjkOgrN8SfDec8c=",
"ref": "refs/heads/master",
"rev": "c6baf60295e4bee4e4c13cf5c628ccd3ab89b141",
"revCount": 22,
"type": "git",
"url": "https://git.dgnum.eu/DGNum/stateless-uptime-kuma.git"
},
"original": {
"type": "git",
"url": "https://git.dgnum.eu/DGNum/stateless-uptime-kuma.git"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,

4
flake.nix
View file

@ -28,6 +28,9 @@
channel-scripts.url = "git+https://git.lix.systems/the-distro/channel-scripts.git";
channel-scripts.inputs.nixpkgs.follows = "nixpkgs";
stateless-uptime-kuma.url = "git+https://git.dgnum.eu/DGNum/stateless-uptime-kuma.git";
stateless-uptime-kuma.flake = false;
lix.follows = "hydra/lix";
grapevine = {
@ -55,6 +58,7 @@
inputs.lix.overlays.default
inputs.nix-gerrit.overlays.default
inputs.channel-scripts.overlays.default
(import "${inputs.stateless-uptime-kuma}/overlay.nix")
];
};
terraform = pkgs.opentofu;

5
hosts/public01/default.nix
View file

@ -9,6 +9,11 @@
# TODO: make it the default
networking.domain = "infra.forkos.org";
bagel.status = {
enable = true;
domain = "status.forkos.org";
};
bagel.sysadmin.enable = true;
# Newsletter is proxied.
bagel.raito.v6-proxy-awareness.enable = true;

1
services/default.nix
View file

@ -5,6 +5,7 @@
./hydra
./matrix
./monitoring
./uptime-kuma
./netbox
./ofborg
./postgres

93
services/uptime-kuma/default.nix Normal file
View file

@ -0,0 +1,93 @@
{
inputs,
lib,
config,
...
}:
let
cfg = config.bagel.status;
janik commented 2024-09-28 17:27:09 +00:00
Outdated
Review
Copy link

It would be preferable to pull the domain information from the terraform/dnsimple.nix, so we avoid maintaining the list of domains twice.

It would be preferable to pull the domain information from the `terraform/dnsimple.nix`, so we avoid maintaining the list of domains twice.
raito commented 2024-09-28 20:00:45 +00:00
Outdated
Review
Copy link

This should probably be injected via specialArgs I assume to make it available.

This should probably be injected via `specialArgs` I assume to make it available.
kiaragrouwstra commented 2024-09-28 20:47:59 +00:00
Outdated
Review
Copy link

hm. i agree, tho i'm not entirely sure yet what the best approach would here.
if the file were imported (edit: / injected) i'm under the impression it would go thru a mkIf check.
maybe the data-y bits could be e.g. factored out into a separate file to reuse from both uptime-kuma (if not also from gandi which has lotsa overlap with dnsimple)?
feedback welcome. 😶

hm. i agree, tho i'm not entirely sure yet what the best approach would here. if the file were `import`ed (edit: / injected) i'm under the impression it would go thru a `mkIf` check. maybe the data-y bits could be e.g. factored out into a separate file to reuse from both `uptime-kuma` (if not also from `gandi` which has lotsa overlap with `dnsimple`)? feedback welcome. 😶
raito commented 2024-09-28 21:16:01 +00:00
Outdated
Review
Copy link

Let's keep it simple for now, we can do it in a further PR. It's unclear how to extract the data-y bits, maybe Terranix could expose a data-only module we could re-import in the whole expr, unclear to me yet.

Let's keep it simple for now, we can do it in a further PR. It's unclear how to extract the data-y bits, maybe Terranix could expose a data-only module we could re-import in the whole expr, unclear to me yet.
👍 2
# TODO: pull domains from a central place
subdomains = [
"cl"
"netbox"
"cache"
"grafana"
"hydra"
"loki"
"mimir"
"pyroscope"
"matrix"
"tempo"
"amqp"
"fodwatch"
"git"
"alerts"
"buildbot"
"b"
"postgres"
"news"
];
janik commented 2024-09-28 17:28:19 +00:00
Outdated
Review
Copy link

Please add the domain to terraform ^^

Please add the domain to terraform ^^
👍 1
port = 3001;
in
{
raito marked this conversation as resolved Outdated
janik commented 2024-09-28 17:33:16 +00:00
Outdated
Review
Copy link

Please guard the config behind a mkIf with an enable option like options.bagel.status.enable = mkEnableOption "status page";. Currently, applying this change would enable this service on every host.

Please guard the config behind a mkIf with an enable option like `options.bagel.status.enable = mkEnableOption "status page";`. Currently, applying this change would enable this service on every host.
👍 1
imports = [ "${inputs.stateless-uptime-kuma}/nixos/module.nix" ];
raito marked this conversation as resolved Outdated
janik commented 2024-09-28 17:30:05 +00:00
Outdated
Review
Copy link

We maintain all the input related overlays directly in the flake.nix.

We maintain all the input related overlays directly in the flake.nix.
👍 1
raito commented 2024-09-28 19:59:59 +00:00
Outdated
Review
Copy link

Yeah, all modules and overlays should be applied uniformly to all machines.

Yeah, all modules and overlays should be applied uniformly to all machines.
👍 1
options.bagel.status = {
enable = lib.mkEnableOption "the status page service (uptime-kuma)";
domain = lib.mkOption {
type = lib.types.str;
raito marked this conversation as resolved Outdated
janik commented 2024-09-28 17:35:18 +00:00
Outdated
Review
Copy link

The nginx stuff is fine for now, but we should generalize proxying a bit in the future. (having every service add their own firewall rules, and nginx config is redundant and error prone)

The nginx stuff is fine for now, but we should generalize proxying a bit in the future. (having every service add their own firewall rules, and nginx config is redundant and error prone)
👍 1
};
};
config = lib.mkIf cfg.enable {
services.uptime-kuma.enable = true;
services.nginx = {
enable = true;
virtualHosts.${cfg.domain} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
proxyWebsockets = true;
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
statelessUptimeKuma = {
probesConfig = {
monitors = lib.genAttrs subdomains (name: {
type = "http";
url = "https://${name}.forkos.org/";
tags = [];
});
status_pages = {
"forkos" = {
title = "ForkOS";
description = "health of the ForkOS infra";
showTags = true;
publicGroupList = [
{
name = "Services";
weight = 1;
monitorList = lib.genAttrs subdomains (id: {
inherit id;
});
}
];
};
};
};
extraFlags = [ "-s" ];
host = "http://localhost:${builtins.toString port}/";
username = "forkos";
passwordFile = config.age.secrets."stateless-uptime-kuma-password".path;
enableService = true;
};
};
}

1
terraform/dnsimple.nix
View file

@ -114,6 +114,7 @@ in
(record "b" 300 "CNAME" "public01.infra.p.forkos.org")
(record "postgres" 300 "CNAME" "bagel-box.infra.p.forkos.org")
(record "news" 3600 "CNAME" "public01.infra.p.forkos.org")
(record "status" 3600 "CNAME" "public01.infra.p.forkos.org")
# S3 in delroth's basement
(record "cache" 300 "AAAA" "2a02:168:6426::12") # smol.delroth.net

1
terraform/gandi.nix
View file

@ -88,6 +88,7 @@ in
(record "b" 300 "CNAME" ["public01.infra.p"])
(record "postgres" 300 "CNAME" ["bagel-box.infra.p"])
(record "news" 3600 "CNAME" ["public01.infra.p"])
(record "status" 3600 "CNAME" ["public01.infra.p"])
# S3 in delroth's basement
(record "cache" 300 "AAAA" ["2a02:168:6426::12"]) # smol.delroth.net