diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3af2387..493f8b6 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -43,6 +43,7 @@ in "etna/upsdUserPass.age".publicKeys = main ++ [ etna ]; "etna/cobaltTokens.age".publicKeys = main ++ [ etna ]; + "vesuvio/gatusEnv.age".publicKeys = main ++ [ vesuvio ]; "vesuvio/maddyEnv.age".publicKeys = main ++ [ vesuvio ]; "vesuvio/rspamdPassword.age".publicKeys = main ++ [ vesuvio ]; "vesuvio/roundcubeDbPass.age".publicKeys = main ++ [ vesuvio ]; diff --git a/secrets/vesuvio/gatusEnv.age b/secrets/vesuvio/gatusEnv.age new file mode 100644 index 0000000..4cb0727 --- /dev/null +++ b/secrets/vesuvio/gatusEnv.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYnFNd2w4bUxhbGJoazBp +L2Q1dVNRaVoyc2Q3UjVEYUVsbHg0YkMwRFZnCjdwZE1kK0ZiMitzS2VtVVIxbjZy +YXBzQWFFV3pma2FVc0p3OHRuNGZXemMKLT4gWDI1NTE5IFJlcS8rR3JOTWMyamJF +bHBjNC9XQlZNVUhaaW5kc3dRcmJYcjgwTS9GaWcKNXpIZlBrRUlyRFB1c2RBd25R +Wm92a09vcEJKREoxUDFjSHgzbFlxbHRoZwotPiBYMjU1MTkgam8vRHh6VlVQLzJo +VXdIRWFEZ043Y2E3R3ZLVGR4d2QrUXVTQXJBdzVIVQpieW9pVVhkQ3dtYTJFTjZD +MVdzL1JBVHBqNEcrdlNaSDRnQ05uNmx2T0hnCi0+IFgyNTUxOSBEOWtsanMyODc0 +ckhucVRnc3M1SEFLdXZ1MkNDSzA5K2hzZVRHQUJGUFRrCmtkeWFmcWUwd3RRS3ds +UVNhQVhockFZK1R3ZitvL3lUSUpJMjRiYlVEKzAKLS0tIEdGaTlPNEJtWWNZZDVl +Z2psc1h5YlBBbmxZVGx1L0ZCZWVhL0lTUDRleWMKDsLoDaM7JBWrdHY4SQ5D7LLf +qoq5NQTAVncYNOzeaAbj54ZsCF2gcz3ATq990kN31CTZmXwvI96GvubY2QShraXW +eA9Gj9c= +-----END AGE ENCRYPTED FILE----- diff --git a/systems/etna/postgresql.nix b/systems/etna/postgresql.nix index 10b5751..7b97640 100644 --- a/systems/etna/postgresql.nix +++ b/systems/etna/postgresql.nix @@ -9,11 +9,13 @@ enableTCPIP = true; ensureDatabases = [ + "gatus" "maddy" "roundcube" ]; authentication = '' + host gatus gatus vesuvio.fossa-macaroni.ts.net scram-sha-256 host maddy maddy vesuvio.fossa-macaroni.ts.net scram-sha-256 host roundcube roundcube vesuvio.fossa-macaroni.ts.net scram-sha-256 ''; diff --git a/systems/vesuvio/default.nix b/systems/vesuvio/default.nix index 1c79d2c..b2037b6 100644 --- a/systems/vesuvio/default.nix +++ b/systems/vesuvio/default.nix @@ -3,6 +3,7 @@ imports = [ ./certificates.nix ./frp.nix + ./gatus.nix ./hetzner.nix ./mail ./nginx.nix diff --git a/systems/vesuvio/gatus.nix b/systems/vesuvio/gatus.nix new file mode 100644 index 0000000..e0efe86 --- /dev/null +++ b/systems/vesuvio/gatus.nix @@ -0,0 +1,75 @@ +{ + config, + _utils, + ... +}: +let + env = _utils.setupSingleSecret config "gatusEnv" { }; + + mkHttpEndpoint = name: group: url: { + inherit name group url; + interval = "5m"; + conditions = [ + "[STATUS] < 300" + "[CONNECTED] == true" + ]; + }; +in +{ + imports = [ env.generate ]; + + services = { + gatus = { + enable = true; + environmentFile = env.path; + + settings = { + web.port = 8080; + + storage = { + type = "postgres"; + path = "postgres://gatus:\${DB_PASSWORD}@etna/gatus?sslmode=disable"; + }; + + ui = { + title = "uku's services | status"; + description = "services status powered by gatus"; + header = "uku's services"; + logo = "https://avatars.githubusercontent.com/u/61147779?v=4"; + link = "https://git.uku3lig.net/uku/flake"; + }; + + endpoints = [ + (mkHttpEndpoint "Website" "core" "https://uku3lig.net") + + # TODO postgres? + (mkHttpEndpoint "API" "etna" "https://api.uku3lig.net/downloads/uku") + (mkHttpEndpoint "Dendrite" "etna" "https://m.uku.moe/_matrix/static/") + (mkHttpEndpoint "Forgejo" "etna" "https://git.uku3lig.net") + (mkHttpEndpoint "Grafana" "etna" "https://grafana.uku3lig.net") + (mkHttpEndpoint "Immich" "etna" "https://im.uku.moe") + (mkHttpEndpoint "NextCloud" "etna" "https://cloud.uku3lig.net") + (mkHttpEndpoint "Reposilite" "etna" "https://maven.uku3lig.net/") + (mkHttpEndpoint "Shlink" "etna" "https://uku.moe/rest/v3/health") + (mkHttpEndpoint "Vaultwarden" "etna" "https://bw.uku3lig.net") + + { + name = "Maddy"; + group = "vesuvio"; + url = "starttls://mx1.uku3lig.net:587"; + interval = "5m"; + conditions = [ "[CONNECTED] == true" ]; + } + (mkHttpEndpoint "Roundcube" "vesuvio" "https://mail.uku3lig.net") + ]; + }; + }; + + nginx.virtualHosts."status.uku3lig.net" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = + "http://localhost:${builtins.toString config.services.gatus.settings.web.port}"; + }; + }; +}