From b5e1cbdc03d823723877e2b5d520b09943c6e4ca Mon Sep 17 00:00:00 2001 From: Lauren Lagarde Date: Wed, 6 Aug 2025 21:37:52 -0500 Subject: [PATCH] Various logging and access improvements --- systems/fortress/configuration.nix | 10 +++++ systems/fortress/gatus.nix | 70 ++++++++++++++++++++---------- 2 files changed, 58 insertions(+), 22 deletions(-) diff --git a/systems/fortress/configuration.nix b/systems/fortress/configuration.nix index f4d9e7b..1e8a546 100644 --- a/systems/fortress/configuration.nix +++ b/systems/fortress/configuration.nix @@ -45,6 +45,16 @@ services.smartd.enable = lib.mkForce false; + services.fail2ban = { + enable = true; + maxretry = 5; + ignoreIP = [ + "10.86.84.0/24" # Tinc + "10.13.13.0/24" # Wireguard + ]; + bantime = "1h"; + }; + virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.containers = { dozzle = { diff --git a/systems/fortress/gatus.nix b/systems/fortress/gatus.nix index c24afb8..11ea900 100644 --- a/systems/fortress/gatus.nix +++ b/systems/fortress/gatus.nix 
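Review bot: The `ignoreIP` list exempts the whole Tinc and WireGuard /24s, so any peer on either overlay, including one that has been compromised, can retry logins indefinitely without ever being banned. If the exemption is only meant to keep admin machines from locking themselves out, list those addresses individually; otherwise keep the subnets and record the trust decision in a comment such as `# VPN peers are trusted; bans apply to WAN sources only`. No jails are configured in this hunk, so presumably only the module's default jail is active. Services published from the Docker containers declared just below would likely need their own jails and a ban action that also covers forwarded traffic, which is worth confirming.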
@@ -30,31 +30,31 @@ }; }; - #maintenance = { - # start = "04:50"; - # duration = "30m"; - # timezone = "America/Chicago"; - #}; + maintenance = { + start = "04:50"; + duration = "30m"; + timezone = "America/Chicago"; + }; endpoints = [ { - name = "Synapse"; - group = "Core Services"; - url = "https://matrix.mlaga97.space/_synapse/admin/v1/server_version"; - interval = "30s"; + name = "1 - Synapse"; + group = "1 - Core Services"; + url = "https://matrix.mlaga97.space/_matrix/federation/v1/version"; + interval = "1m"; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" - "has([BODY].server_version) == true" + "has([BODY].server.version) == true" "[CERTIFICATE_EXPIRATION] > 48h" ]; alerts = [{ type = "discord"; }]; } { - name = "Home Assistant"; - group = "Core Services"; + name = "2 - Home Assistant"; + group = "1 - Core Services"; url = "https://homeassistant.mlaga97.space/api/webhook/-k9lg4u3J3_QLO6avhXNG4KZa"; - interval = "30s"; + interval = "1m"; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" @@ -63,10 +63,10 @@ alerts = [{ type = "matrix"; }]; } { - name = "Git"; - group = "Core Services"; + name = "3 - Git"; + group = "1 - Core Services"; url = "https://git.mlaga97.space/api/healthz"; - interval = "30s"; + interval = "1m"; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" 
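Review bot: The Home Assistant endpoint still carries its webhook ID inline in `url`, and this hunk edits that endpoint without moving it. Home Assistant webhooks are normally unauthenticated, so the ID works as a bearer secret, and it now sits in git history and, once evaluated, in the world-readable Nix store. Gatus expands environment variables in its configuration, so the ID can come from an environment or secrets file kept outside the store, e.g. `url = "https://homeassistant.mlaga97.space/api/webhook/\${HA_WEBHOOK_ID}";` (the variable name is a placeholder). The current webhook should be rotated, since its value is already published. Separately, the newly enabled `maintenance` block mutes alerting for 30 minutes from 04:50 every day, and a one-line comment naming the scheduled job it covers would make that blind spot deliberate; the enclosing attribute set starts and ends outside the hunk.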
@@ -76,21 +76,47 @@
 alerts = [{ type = "matrix"; }];
 }
 {
- name = "bastion.tinc.mlaga97.space";
- group = "Hosts";
+ name = "1 - bastion.tinc.mlaga97.space";
+ group = "2 - Hosts";
 url = "icmp://10.86.84.105";
- interval = "30s";
+ interval = "1m";
 conditions = [ "[CONNECTED] == true" ];
 alerts = [{ type = "matrix"; }];
 }
 {
- name = "blockhouse.tinc.mlaga97.space";
- group = "Hosts";
+ name = "2 - blockhouse.tinc.mlaga97.space";
+ group = "2 - Hosts";
 url = "icmp://10.86.84.104";
- interval = "30s";
+ interval = "1m";
 conditions = [ "[CONNECTED] == true" ];
 alerts = [{ type = "matrix"; }];
 }
+ {
+ name = "2 - matrix.public.koshkee.com";
+ group = "3 - Federation";
+ url = "https://matrix.public.koshkee.com/_matrix/federation/v1/version";
+ interval = "1h";
+ conditions = [
+ "[CONNECTED] == true"
+ "[STATUS] == 200"
+ "has([BODY].server.version) == true"
+ "[CERTIFICATE_EXPIRATION] > 48h"
+ ];
+ alerts = [{ type = "matrix"; }];
+ }
+ {
+ name = "1 - matrix.mlaga97.space";
+ group = "3 - Federation";
+ url = "https://federationtester.matrix.org/api/report?server_name=matrix.mlaga97.space";
+ interval = "1h";
+ conditions = [
+ "[CONNECTED] == true"
+ "[STATUS] == 200"
+ "[BODY].FederationOK == true"
+ "has([BODY].WellKnownResult.result) == false"
+ ];
+ alerts = [{ type = "matrix"; }];
+ }
 ];
 };
 };
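Review bot: The new "1 - matrix.mlaga97.space" federation check alerts with `type = "matrix"`, so if Matrix alerts are delivered through that same homeserver (the alerting config is outside this hunk), a federation or server outage would suppress the very alert meant to report it. The Synapse endpoint earlier in this file uses Discord, and the same out-of-band channel fits here: `alerts = [{ type = "discord"; }];`. The condition `"has([BODY].WellKnownResult.result) == false"` is not self-explanatory and deserves a comment stating which federation-tester outcome it is meant to catch. The check also depends on the third-party federationtester.matrix.org service, so failures of that service will surface as local alerts; a short comment noting the dependency would help whoever triages them.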