XMPP_RECIPIENTS = os.environ["BUILDBOT_XMPP_RECIPIENTS"].split(" ")
PUPPET_HOST = {
- "integration": "root@caldance.immae.eu",
+ "integration": [ "-p8022", "root@caldance.immae.eu"],
}
# master.cfg
return compute
@util.renderer
-def puppet_host(props):
+def puppet_ssh_command(props):
environment = props["environment"] if props.hasProperty("environment") else "integration"
- return E.PUPPET_HOST.get(environment, "host.invalid")
+ ssh_command = [
+ "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no",
+ "-i", E.SSH_KEY_PATH ]
+ return ssh_command + E.PUPPET_HOST.get(environment, ["host.invalid"])
def deploy_factory(project, locks=[]):
package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH))
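Review bot: `puppet_ssh_command` still disables every host-key check (`UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`, `CheckHostIP=no`) on a connection that logs in as root with `E.SSH_KEY_PATH`, so the master cannot tell whether it reached the intended machine. The options were only moved here from the `MasterShellCommand` call, but with the new `-p8022` target the session appears to pass through an extra forwarding hop, which makes authenticating the endpoint more important. Consider pinning the host key instead, e.g. `"-o", "UserKnownHostsFile=<path to pinned known_hosts>", "-o", "StrictHostKeyChecking=yes",`. A short docstring stating that the renderer returns the full argv and falls back to `host.invalid` for an unknown environment would also help. `deploy_factory` continues outside this hunk.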
factory.addStep(LdapPush(environment=util.Property("environment"),
project=project, build_version=util.Property("build_version"),
build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap")))
- factory.addStep(steps.MasterShellCommand(command=[
- "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host]))
+ factory.addStep(steps.MasterShellCommand(command=puppet_ssh_command))
return util.BuilderConfig(
name="{}_deploy".format(project.capitalize()),
locks=locks,
};
};
};
+ caldance = mkOption {
+ description = "Caldance configurations by environment";
+ type = submodule {
+ options = {
+ integration = mkOption {
+ description = "environment configuration";
+ type = submodule {
+ options = {
+ password = mkOption { type = str; description = "Password file content for basic auth"; };
+ };
+ };
+ };
+ };
+ };
+ };
tellesflorian = mkOption {
description = "Tellesflorian configurations by environment";
type =
};
otherObjects = map
(n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; }))
- [ "caldance-1" "ulminfo-fr" "phare" ];
+ [ "ulminfo-fr" "phare" ];
masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; };
commonObjects = pkgs.callPackage ./objects_common.nix ({
master = cfg.master;
+++ /dev/null
-{ ... }:
-let
- defaultPassiveInfo = {
- use = "external-passive-service";
- freshness_threshold = "450";
- retry_interval = "1";
- host_name = "caldance-1.v.immae.eu";
- };
-in
-{
- host = {
- "caldance-1.v.immae.eu" = {
- alias = "caldance-1.v.immae.eu";
- address = "caldance-1.v.immae.eu";
- use = "linux-server";
- };
- };
- service = map (s: defaultPassiveInfo // s) [
- {
- service_description = "Size on root partition";
- }
-
- {
- service_description = "Total number of process";
- }
-
- {
- service_description = "Average load";
- }
-
- {
- service_description = "Swap usage";
- }
-
- {
- service_description = "fail2ban is active";
- }
-
- {
- service_description = "NTP is activated and working";
- freshness_threshold = "5400";
- }
-
- {
- service_description = "Databases are present in postgresql";
- }
- ];
-}
{ privateFiles }:
-{ config, pkgs, name, ... }:
+{ config, pkgs, name, lib, ... }:
{
boot.supportedFilesystems = [ "zfs" ];
boot.kernelPackages = pkgs.linuxPackages_latest;
};
};
+ system.nssModules = [ pkgs.libvirt ];
+ system.nssHosts = lib.mkForce [ "files" "libvirt_guest" "mymachines" "dns" "myhostname" ];
programs.zsh.enable = true;
users.users.backup = {
install -m 0750 -o backup -g root -d /var/lib/backup/eldiron
'';
+ system.activationScripts.libvirtd_exports = ''
+ install -m 0755 -o root -g root -d /var/lib/caldance
+ '';
virtualisation.docker.enable = true;
virtualisation.libvirtd.enable = true;
users.extraUsers.immae.extraGroups = [ "libvirtd" "docker" ];
systemd.services.libvirtd.postStart = ''
install -m 0770 -g libvirtd -d /var/lib/libvirt/images
'';
+ systemd.services.socat-caldance = {
+ description = "Forward ssh port to caldance";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.socat}/bin/socat TCP-LISTEN:8022,fork TCP:nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:22";
+ };
+ };
time.timeZone = "Europe/Paris";
nix = {
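Review bot: The `socat-caldance` unit listens on 8022 on every interface with no `bind=` or `range=` restriction, and with nothing but `ExecStart` in `serviceConfig` it runs as root and is not restarted if it exits. Whether the host firewall exposes 8022 is not visible here; if only the buildbot master needs it, restrict the listener (`TCP-LISTEN:8022,fork,reuseaddr,range=<buildbot master address>/32`) or filter the port at the firewall. Since 8022 is an unprivileged port, the forwarder should need no privileges, so `DynamicUser = true;` and `Restart = "always";` in `serviceConfig` would be cheap hardening, provided the `libvirt_guest` name lookup still works for that user. The enclosing attribute set starts and ends outside this hunk.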
"discourse.immae.eu" = null;
"discourse.cip-ca.fr" = null;
"dev.immae.eu" = null;
+ "caldance.immae.eu" = null;
};
};
services.nginx = {
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
+ upstreams = {
+ caldance.servers."nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:3031" = {};
+ };
virtualHosts = {
"dev.immae.eu" = {
acmeRoot = config.myServices.certificates.webroot;
forceSSL = true;
locations."/".proxyPass = "http://localhost:18031";
};
+ "caldance.immae.eu" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".extraConfig = ''
+ uwsgi_pass caldance;
+ '';
+ locations."/static/".alias = "/var/lib/caldance/caldance/app/www/static/";
+ locations."/media/".alias = "/var/lib/caldance/caldance/media/";
+ extraConfig = ''
+ auth_basic "Authentification requise";
+ auth_basic_user_file ${pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password};
+ '';
+ };
};
};
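Review bot: `pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password` puts the basic-auth credentials into the Nix store, which is readable by every local user and is copied along with the system closure. Point `auth_basic_user_file` at a file deployed outside the store with restrictive permissions (readable by the nginx user only), using whatever secrets mechanism the repository already has. The `/static/` and `/media/` aliases inherit the server-level `auth_basic`, which looks intended; a one-line comment such as `# basic auth is set at server level and also covers /static/ and /media/` would keep a later per-location override from exposing them by accident.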
})
];
preConfigure = (old.preConfigure or "") + ''
+ # https://github.com/NixOS/nixops/issues/1216
+ sed -i -e "/Register the paths in the Nix database./s/#.*$/export USER=root/" nix/libvirtd-image.nix
+
sed -i -e '/^import sys$/s/$/; sys.tracebacklimit = 0/' scripts/nixops
sed -i -e "/'keyFile'/s/'path'/'string'/" nixops/backends/__init__.py
'';