Fix: Use nix flake check for hooks, simplify module, remove apps

This commit is contained in:
2026-02-05 17:26:54 +01:00
parent 4ac16cedc4
commit e5c8fb3d48
21 changed files with 1538 additions and 101 deletions


@@ -1,10 +1,11 @@
{ lib
, inputs
, outputs
, self
, config
, pkgs
, ...
{
lib,
inputs,
outputs,
self,
config,
pkgs,
...
}:
let
username = "h";
@@ -37,7 +38,7 @@ in
../../modules/ssh/hardened-openssh.nix
(import ../../modules/secrets { inherit lib inputs config; })
../../modules/docker
../../modules/syncthing
# ../../modules/syncthing
../../modules/git-hooks
];
@@ -102,7 +103,6 @@ in
services = {
git-hooks = {
enable = true;
flake-path = self;
};
xserver = {
@@ -113,32 +113,33 @@ in
enable = true;
harden = true;
};
locate = {
enable = true;
package = pkgs.plocate;
};
};
my.syncthing = {
enable = true;
deviceNames = [
"boox"
"astyanax"
];
folders = {
readings = {
path = "/home/h/doc/readings";
id = "readings";
devices = [
{
device = "boox";
type = "receiveonly";
}
"astyanax"
];
};
};
};
# my.syncthing = {
# enable = true;
# deviceNames = [
# "boox"
# "astyanax"
# ];
# folders = {
# readings = {
# path = "/home/h/doc/readings";
# id = "readings";
# devices = [
# {
# device = "boox";
# type = "receiveonly";
# }
# "astyanax"
# ];
# };
# };
# };
networking = {
# TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
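Review bot: Commenting out `../../modules/syncthing` and then keeping the whole `my.syncthing` block as a comment in the last hunk leaves about twenty lines of dead configuration with no note on why the service was dropped or whether it is expected to return. The second host config in this commit comments out the same module import but deletes its `my.syncthing` block outright, so the two hosts now express the same change differently. If this is a temporary disable, keeping the module imported and setting `my.syncthing.enable = false;` keeps the intent explicit and the option still evaluable; if it is permanent, delete the block here as well and record the reason in the commit message. Note that once the module is no longer imported, whatever it configured on this host (any opened ports or service user, for instance) stops being applied, which is presumably the intent but is worth stating.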


@@ -1,10 +1,11 @@
{ lib
, inputs
, outputs
, self
, config
, pkgs
, ...
{
lib,
inputs,
outputs,
self,
config,
pkgs,
...
}:
let
username = "h";
@@ -39,7 +40,7 @@ in
# ../../modules/vpn/wireguard.nix
(import ../../modules/secrets { inherit lib inputs config; })
../../modules/docker
../../modules/syncthing
# ../../modules/syncthing
../../modules/git-hooks
];
@@ -100,37 +101,12 @@ in
services = {
git-hooks = {
enable = true;
flake-path = self;
};
fwupd.enable = true;
openssh = {
enable = true;
harden = true;
};
};
my.syncthing = {
enable = true;
deviceNames = [
"boox"
"andromache"
];
folders = {
readings = {
path = "/home/h/doc/readings";
id = "readings";
devices = [
{
device = "boox";
type = "receiveonly";
}
"andromache"
];
};
};
};
services = {
locate = {
enable = true;
package = pkgs.plocate;


@@ -11,8 +11,13 @@ in
imports = [
./hard.nix
../../modules/ssh/hardened-openssh.nix
../../modules/git-hooks
];
services.git-hooks = {
enable = true;
};
ssh.username = username;
ssh.publicHostname = "eetion";
ssh.authorizedHosts = [
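Review bot: The `../../modules/git-hooks` import together with `services.git-hooks = { enable = true; };` added here is repeated verbatim in two further host configs in this commit (the `server.hektormisplon.xyz` host and the vm host), so every new host has to remember both lines and any later change to the hook setup has to be made in three places. Hoisting the import into whichever shared module list these hosts already pull in, or letting the module enable itself by default, would leave a single place to change. A one-line comment above the block explaining what enabling the service does on this host would also help, since nothing in the hunk says why a server host carries git hooks; something like `# git-hooks: repo pre-commit hooks driven by nix flake check` would do, assuming that is what the simplified module now installs. The enclosing attribute set starts and ends outside the hunk.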


@@ -0,0 +1,71 @@
# Hecuba uptime server plan
## Current State
- Hecuba is a Hetzner cloud host running NixOS
- Docker is enabled for user `username`
- Firewall allows ports 80 and 443
- No existing uptime monitoring
## Goals
Monitor docker containers on hecuba with a self-hosted uptime dashboard
## Uptime Monitoring Options
### Option 1: Uptime Kuma (Recommended)
- Easy to use web dashboard
- Docker-based (fits existing setup)
- HTTP/TCP/Ping monitoring
- Status pages
- Notifications (email, Telegram, etc.)
## Implementation Plan
### Phase 1: Evaluate & Choose
- [ ] Research uptime monitoring solutions $id{11c06cf8-bea2-4858-9c7f-a293c3e8fba5}
- [ ] Decide on solution (Uptime Kuma likely best fit) $id{f87debaa-312e-424e-80e0-b624f0768774}
### Phase 2: Docker Setup
- [ ] Add uptime monitoring container to hecuba $id{7d8c5bf4-3d49-4f4c-87f1-1f34c5a4dbec}
- [ ] Configure persistent storage $id{9568b276-2885-4ae7-b5ca-5a9d7efb6a69}
- [ ] Set up reverse proxy (ports 80/443 already open) $id{c2f6ea85-f5e3-465d-95ba-62738a97da80}
- [ ] Configure SSL certificate $id{95c257e2-931b-44da-b0b1-a3e088956800}
### Phase 3: Configuration
- [ ] Add docker containers to monitor $id{4670deda-70d2-4c37-8121-2035aa7d57fb}
- [ ] Set up alert thresholds $id{da6acf90-0b62-4451-bb11-4f74c5c5dd27}
- [ ] Configure notifications (email/Telegram) $id{0b188adf-9a27-4499-9a19-b1ebd081bd21}
- [ ] Test monitoring $id{dd0df63f-5da2-4ba0-a386-45162a2bb642}
### Phase 4: Maintenance
- [ ] Add to backup routine $id{33a2c381-94cb-460e-b600-67cb503826d7}
- [ ] Document monitoring setup $id{f3bf7b85-737f-4511-8d3e-a270044abea3}
- [ ] Review and adjust alerts $id{32e46c53-dd9d-48a8-aef2-985ebaadd8da}
## Technical Details
### Storage Location
`/var/lib/uptime-kuma` or similar persistent volume
### Docker Compose Structure
```yaml
services:
uptime-kuma:
image: louislam/uptime-kuma:1
volumes:
- /var/lib/uptime-kuma:/app/data
ports:
- 3001:3001
restart: always
```
### NixOS Integration
- Consider using `virtualisation.oci-containers` for declarative setup
- Or keep docker-compose file (more flexible for updates)
## Next Steps
1. Pick uptime monitoring solution
2. Decide on deployment method (NixOS declarative vs docker-compose)
3. Implement


@@ -20,8 +20,13 @@ in
./hard.nix
../../modules/ssh/hardened-openssh.nix
../../modules/docker
../../modules/git-hooks
];
services.git-hooks = {
enable = true;
};
networking.hostName = hostName;
ssh.username = username;
ssh.publicHostname = "server.hektormisplon.xyz";


@@ -29,8 +29,13 @@ in
(import ../../modules/secrets {
inherit lib inputs config;
})
../../modules/git-hooks
];
services.git-hooks = {
enable = true;
};
home-manager.users.${username} = import ../../home/hosts/vm {
inherit inputs config pkgs;
};