add a lot more healthchecks

Ingolf Wagner 2024-10-09 21:27:12 +09:00
parent 171e7400ba
commit c73e0f43f4
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
26 changed files with 120 additions and 9 deletions


@ -25,6 +25,8 @@ with lib;
config = {
networking.extraHosts = ''
10.100.0.1 cache.orbi.wg0
10.100.0.1 orbi.wg0
10.100.0.2 chungus.wg0
'';
};


@ -496,11 +496,11 @@
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1727858670,
"narHash": "sha256-WMtfs5Fv68ELcPYyfOqyQG7p+hraSon7lKsoq3Dutwc=",
"lastModified": 1728474281,
"narHash": "sha256-0urbkJgTgTIyFUxka6OZ3zgUHKxdOso1ML7MB4rxnyI=",
"owner": "mrvandalo",
"repo": "nixos-healthchecks",
"rev": "fa48fca26eca92a77a89ecff59b58ec124577b8c",
"rev": "b22067284a52b114209528fd20587629b6ffcf21",
"type": "github"
},
"original": {


@ -1,10 +1,18 @@
{ config, ... }:
{ pkgs, config, ... }:
{
tinc.private.enable = true;
tinc.private.ipv4 = "10.23.42.29";
healthchecks.localCommands.ping-private = pkgs.writers.writeBash "ping-private" ''
ping -c 1 -W 5 ${config.tinc.private.ipv4}
'';
tinc.secret.enable = true;
tinc.secret.ipv4 = "10.123.42.29";
healthchecks.localCommands.ping-secret = pkgs.writers.writeBash "ping-secret" ''
ping -c 1 -W 5 ${config.tinc.secret.ipv4}
'';
}
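Review bot: Both added checks ping this host's own tinc addresses (`${config.tinc.private.ipv4}` and `${config.tinc.secret.ipv4}`), so a reply presumably comes from the local stack and says nothing about whether any peer is reachable over the VPN. If that is intended, document it next to each check, e.g. `# verifies only that the local tinc address is assigned, not that peers are reachable`. The `ping-private`, `ping-retiolum` and `ping-wg0` checks in the other files of this commit follow the same pattern. The scripts also call a bare `ping`, so they depend on the PATH of whatever unit runs them; that runner is not visible here.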


@ -1,4 +1,9 @@
{ config, factsGenerator, ... }:
{
config,
factsGenerator,
pkgs,
...
}:
{
clan.core.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; };
@ -6,6 +11,10 @@
networking.retiolum.port = 720;
networking.retiolum.nodename = "cherry";
healthchecks.localCommands.ping-retiolum = pkgs.writers.writeBash "ping-retiolum" ''
ping -c 1 -W 5 ${config.networking.retiolum.nodename}.r
'';
services.tinc.networks.retiolum = {
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;


@ -1,10 +1,16 @@
{
pkgs,
config,
factsGenerator,
clanLib,
...
}:
{
healthchecks.localCommands.ping-wg0 = pkgs.writers.writeBash "ping-wg0" ''
ping -c 1 -W 5 ${config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.ip".value}
'';
networking.firewall.allowedUDPPorts = [ 51820 ];
clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
clan.core.facts.services.wireguard_ip = factsGenerator.public {


@ -73,6 +73,9 @@
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
healthchecks.closed.wg0.host = "10.100.0.2";
healthchecks.closed.retiolum.host = "centauri.r";
services.printing.enable = false;
networking.hostName = "chungus";
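Review bot: `healthchecks.closed.retiolum.host = "centauri.r"` sits directly above `networking.hostName = "chungus"`, and nothing in the hunk shows that `centauri.r` is this machine's retiolum name. Every `healthchecks.closed.retiolum.ports.*` list added in this commit is presumably probed against that host, so a mismatch would make all of them report on a different machine's exposure. Add a comment such as `# centauri is this host's retiolum node name`, or derive the value, e.g. `"${config.networking.retiolum.nodename}.r"`, if that option is set on this host. The wg0 host is likewise a literal `10.100.0.2`, although other files read it from `config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.ip".value`. The attribute set continues outside the hunk.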


@ -16,4 +16,5 @@
networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 1883 ];
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 1883 ];
healthchecks.closed.retiolum.ports.mqtt = [ 1883 ];
}


@ -8,6 +8,11 @@
{
imports = [ ./hass-mqtt.nix ];
healthchecks.closed.retiolum.ports.zigbee2mqtt = [
1337
9666
];
services.zigbee2mqtt = {
enable = true;
dataDir = "/srv2/zigbee2mqtt";


@ -18,4 +18,6 @@
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8123 ];
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8123 ];
healthchecks.closed.retiolum.ports.hass = [ 8123 ];
}


@ -12,6 +12,12 @@
user = "media";
};
healthchecks.http.jellyfin = {
url = "flix.${config.networking.hostName}.private";
};
healthchecks.closed.retiolum.ports.jellyfin = [ 8096 ];
services.nginx = {
enable = true;
virtualHosts."flix.${config.networking.hostName}.private" = {
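Review bot: The `url` of the new jellyfin check has no scheme (`"flix.${config.networking.hostName}.private"`), whereas the paperless check elsewhere in this commit is written as `http://…`; whether the module adds a default scheme cannot be seen here. The check also sets no `expectedContent`, so presumably any successful response, including a default nginx page, counts as healthy. State the scheme explicitly and add an `expectedContent` string, as the navidrome and syncthing checks do. The grafana check added in this commit has the same shape.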


@ -6,6 +6,16 @@
}:
{
healthchecks.http.navidrome = {
#url = "${config.networking.hostName}.wg0:${toString config.services.navidrome.settings.Port}/app/#/login";
url = "${
config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.ip".value
}:${toString config.services.navidrome.settings.Port}/app/#/login";
expectedContent = "Navidrome";
};
healthchecks.closed.retiolum.ports.navidrome = [ config.services.navidrome.settings.Port ];
services.navidrome = {
enable = true;
openFirewall = true;
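Review bot: The `#/login` suffix on the navidrome `url` is a URL fragment, which HTTP clients do not send to the server, so the check actually requests `/app/` and matches `expectedContent = "Navidrome"` against that page. Ending the URL at `/app/` makes the probed path explicit. The commented-out `.wg0` URL above it should be removed, or given a short comment saying why the hostname form was abandoned. Like the jellyfin check, this URL carries no scheme.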


@ -1,6 +1,12 @@
{ config, ... }:
{
healthchecks.closed.retiolum.ports.share = [
137
138
139
445
];
networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [
445
139


@ -10,6 +10,7 @@
url = config.services.syncthing.guiAddress;
expectedContent = "syncthing";
};
healthchecks.closed.retiolum.ports.syncthing-gui = [ 8384 ];
services.syncthing = {
enable = true;


@ -1,4 +1,9 @@
{ config, factsGenerator, ... }:
{
config,
factsGenerator,
pkgs,
...
}:
{
clan.core.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; };


@ -1,6 +1,11 @@
{ pkgs, config, ... }:
{
tinc.private.enable = true;
tinc.private.ipv4 = "10.23.42.28";
healthchecks.localCommands.ping-private = pkgs.writers.writeBash "ping-private" ''
ping -c 1 -W 5 ${config.tinc.private.ipv4}
'';
}


@ -1,10 +1,16 @@
{
pkgs,
config,
factsGenerator,
clanLib,
...
}:
{
healthchecks.localCommands.ping-wg0 = pkgs.writers.writeBash "ping-wg0" ''
ping -c 1 -W 5 ${config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.ip".value}
'';
networking.firewall.allowedUDPPorts = [ 51820 ];
clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
clan.core.facts.services.wireguard_ip = factsGenerator.public {


@ -1,10 +1,13 @@
{
config,
pkgs,
config,
assets,
...
}:
{
healthchecks.closed.retiolum.ports.atuin = [ config.services.atuin.port ];
services.atuin = {
enable = true;
package = pkgs.legacy_2405.atuin.overrideAttrs (_old: {


@ -10,6 +10,8 @@
expectedContent = "nixinate";
};
healthchecks.closed.retiolum.ports.forgejo = [ config.services.forgejo.settings.server.HTTP_PORT ];
services.nginx = {
enable = true;
statusPage = true;


@ -35,6 +35,7 @@
url = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";
expectedContent = "paperless.chungus.private";
};
healthchecks.closed.retiolum.ports.paperless = [ config.services.paperless.port ];
services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {
serverAliases = [ "paperless.ingolf-wagner.de" ];


@ -1,6 +1,11 @@
{ config, factsGenerator, ... }:
{
healthchecks.closed.retiolum.ports.s3 = [
9000
9001
];
clan.core.facts.services.s3 = factsGenerator.password {
name = "root";
service = "s3";


@ -6,6 +6,8 @@
}:
{
healthchecks.closed.retiolum.ports.taskwarrior-webui = [ 8080 ];
virtualisation.oci-containers = {
containers.taskwarrior-webui = {
volumes = [


@ -1,5 +1,8 @@
{ pkgs, ... }:
{
healthchecks.closed.retiolum.ports.vault = [ 8200 ];
services.vault = {
enable = true;
#adress = "chungus.private:8200";


@ -12,6 +12,10 @@
};
};
healthchecks.http.grafana = {
url = "grafana.${config.networking.hostName}.private";
};
services.grafana = {
enable = true;
settings = {


@ -21,6 +21,9 @@ let
'';
in
{
healthchecks.closed.retiolum.ports.vault = [ 9993 ];
environment.systemPackages = [
(zerotierCommand "zerotier-script-members" ''
curl "http://localhost:9993/controller/network/''${NWID}/member" -H "X-ZT1-AUTH: ''${TOKEN}" | gojq
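Review bot: The new closed-port entry for 9993 is registered as `healthchecks.closed.retiolum.ports.vault`, the same attribute the Vault module in this commit uses for 8200, although this file configures the ZeroTier controller. Depending on the option type, the two definitions either merge under one misleading label or conflict at evaluation time; the module source is not visible here. Naming the entry after the service avoids both: `healthchecks.closed.retiolum.ports.zerotier = [ 9993 ];`. The surrounding attribute set continues past the hunk.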


@ -1,3 +1,4 @@
{ pkgs, config, ... }:
{
networking.firewall = {
@ -14,7 +15,15 @@
tinc.private.enable = true;
tinc.private.ipv4 = "10.23.42.100";
tinc.secret.enable = true;
tinc.secret.ipv4 = "10.123.42.100";
healthchecks.localCommands.ping-private = pkgs.writers.writeBash "ping-private" ''
ping -c 1 -W 5 ${config.tinc.private.ipv4}
'';
# tinc.secret.enable = true;
# tinc.secret.ipv4 = "10.123.42.100";
#
# healthchecks.localCommands.ping-secret = pkgs.writers.writeBash "ping-secret" ''
# ping -c 1 -W 5 ${config.tinc.secret.ipv4}
# '';
}


@ -27,6 +27,10 @@ in
"wireguard.wg0.ip" = "10.100.0.1";
};
healthchecks.localCommands.ping-wg0 = pkgs.writers.writeBash "ping-wg0" ''
ping -c 1 -W 5 ${config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.ip".value}
'';
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
# Enable WireGuard