[scripts] check for flake.nix

after thinking about it it makes no sense to have status/alerting
running on fanny. as soon as fanny fails we wont get any alerts anymore.
thats why i think having it running on the hetzner server, which is
quite stable, makes sense

machines/configuration.nix

@@ -114,6 +114,15 @@ in
     ];
   };
 
+  lucia = nixosSystem {
+    system = "aarch64-linux";
+    specialArgs.inputs = inputs;
+    modules = defaultModules ++ [
+      ./lucia/configuration.nix
+      ./lucia/hardware_configuration.nix
+    ];
+  };
+
   fanny = nixosSystem {
     system = "x86_64-linux";
     specialArgs.inputs = inputsMod;
@@ -152,12 +161,12 @@ in
     ];
   };
 
-  lucia = nixosSystem {
-    system = "aarch64-linux";
+  uptimekuma = nixosSystem {
+    system = "x86_64-linux";
     specialArgs.inputs = inputs;
-    modules = defaultModules ++ [
-      ./lucia/configuration.nix
-      ./lucia/hardware_configuration.nix
+    specialArgs.self = self;
+    modules = makeMicroVM "uptimekuma" "10.0.0.12" "D0:E5:CA:F0:D7:E8" [
+      ./uptimekuma/configuration.nix
     ];
   };
 

machines/durruti/host_config.nix

@@ -43,6 +43,16 @@ in
       };
     };
 
+    services.nginx.virtualHosts."status.malobeo.org" = {
+      forceSSL = true;
+      enableACME= true;
+      locations."/" = {
+        proxyPass = "http://10.0.0.12";
+        extraConfig = ''
+        '';
+      };
+    };
+
     services.nginx.virtualHosts."tasklist.malobeo.org" = {
       forceSSL = true;
       enableACME= true;

machines/fanny/configuration.nix

@@ -55,7 +55,6 @@ in
   services.malobeo.microvm.enableHostBridge = true;
   services.malobeo.microvm.deployHosts = [ "infradocs" ];
 
-
   networking = {
     firewall = {
       allowedTCPPorts = [ 80 ];

machines/uptimekuma/configuration.nix

@@ -0,0 +1,37 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+{
+  networking = {
+    hostName = mkDefault "uptimekuma";
+    useDHCP = false;
+    nameservers = [ "1.1.1.1" ];
+  };
+
+  imports = [
+    ../modules/malobeo_user.nix
+    ../modules/sshd.nix
+  ];
+
+  networking.firewall.allowedTCPPorts = [ 80 ];
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."status.malobeo.org" = {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:3001";
+        extraConfig = ''
+        '';
+      };
+
+    };
+  };
+
+  services.uptime-kuma = {
+    enable = true;
+  };
+
+  system.stateVersion = "22.11"; # Did you read the comment?
+}
+

outputs.nix

@@ -20,6 +20,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
     let
       sops = sops-nix.packages."${pkgs.system}";
       microvmpkg = microvm.packages."${pkgs.system}";
+      installed = builtins.attrNames self.packages."${pkgs.system}".scripts;
     in
     pkgs.mkShell {
       sopsPGPKeyDirs = [
@@ -37,11 +38,13 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
         pkgs.mdbook
         microvmpkg.microvm
       ];
+      packages = builtins.map (pkgName: self.packages."${pkgs.system}".scripts.${pkgName}) installed;
+      shellHook = ''echo "Available scripts: ${builtins.concatStringsSep " " installed}"'';
     };
 
     packages = {
-      remote-install = pkgs.writeShellScriptBin "remote-install" (builtins.readFile ./scripts/remote-install-encrypt.sh);
-      boot-unlock = pkgs.writeShellScriptBin "boot-unlock" (builtins.readFile ./scripts/unlock-boot.sh);
+      scripts.remote-install = pkgs.writeShellScriptBin "remote-install" (builtins.readFile ./scripts/remote-install-encrypt.sh);
+      scripts.boot-unlock = pkgs.writeShellScriptBin "boot-unlock" (builtins.readFile ./scripts/unlock-boot.sh);
       docs = pkgs.stdenv.mkDerivation {
         name = "malobeo-docs";
         phases = [ "buildPhase" ];

scripts/remote-install-encrypt.sh

@@ -1,5 +1,4 @@
 set -o errexit
-set -o nounset
 set -o pipefail
 
 if [ $# -lt 2 ]; then
@@ -9,6 +8,21 @@ if [ $# -lt 2 ]; then
   exit 1
 fi
 
+if [ ! -e flake.nix ]
+    then
+    echo "flake.nix not found. Searching down."
+    while [ ! -e flake.nix ]
+        do
+        if [ $PWD = "/" ]
+            then
+            echo "Found root. Aborting."
+            exit 1
+            else
+            cd ..
+        fi
+    done
+fi
+
 hostname=$1
 ipaddress=$2
 

scripts/unlock-boot.sh

@@ -4,19 +4,33 @@ set -o pipefail
 sshoptions="-o StrictHostKeyChecking=no -o ServerAliveInterval=1 -o ServerAliveCountMax=1 -p 222 -T"
 HOSTNAME=$1
 
-echo
-diskkey=$(sops -d machines/$HOSTNAME/disk.key)
+if [ ! -e flake.nix ]
+    then
+    echo "flake.nix not found. Searching down."
+    while [ ! -e flake.nix ]
+        do
+        if [ $PWD = "/" ]
+            then
+            echo "Found root. Aborting."
+            exit 1
+            else
+            cd ..
+        fi
+    done
+fi
 
+echo
 if [ $# = 1 ]
     then
+    diskkey=$(sops -d machines/$HOSTNAME/disk.key)
     echo "$diskkey" | ssh $sshoptions root@$HOSTNAME-initrd "systemd-tty-ask-password-agent" #storage
 
     echo "$diskkey" | ssh $sshoptions root@$HOSTNAME-initrd "systemd-tty-ask-password-agent" #root
 
 elif [ $# = 2 ]
     then
+    diskkey=$(sops -d machines/$HOSTNAME/disk.key)
     IP=$2
-    
     echo "$diskkey" | ssh $sshoptions root@$IP "systemd-tty-ask-password-agent" #storage
 
     echo "$diskkey" | ssh $sshoptions root@$IP "systemd-tty-ask-password-agent" #root