From: Ismaƫl Bouya
Date: Sat, 8 Aug 2020 13:56:45 +0000 (+0200)
Subject: Migrate caldance configuration to nixos
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=6c95e93c85640e1fe544ed1b6a0b83e27725d0f0
Migrate caldance configuration to nixos
---
diff --git a/modules/private/buildbot/projects/caldance/__init__.py b/modules/private/buildbot/projects/caldance/__init__.py
index 8d4e804..c71eebf 100644
--- a/modules/private/buildbot/projects/caldance/__init__.py
+++ b/modules/private/buildbot/projects/caldance/__init__.py
@@ -22,7 +22,7 @@ class E():
     XMPP_RECIPIENTS = os.environ["BUILDBOT_XMPP_RECIPIENTS"].split(" ")
     PUPPET_HOST = {
-            "integration": "root@caldance.immae.eu",
+            "integration": [ "-p8022", "root@caldance.immae.eu"],
             }
 # master.cfg
@@ -132,9 +132,12 @@ def compute_build_infos(project):
     return compute
 @util.renderer
-def puppet_host(props):
+def puppet_ssh_command(props):
     environment = props["environment"] if props.hasProperty("environment") else "integration"
-    return E.PUPPET_HOST.get(environment, "host.invalid")
+    ssh_command = [
+            "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no",
+            "-i", E.SSH_KEY_PATH ]
+    return ssh_command + E.PUPPET_HOST.get(environment, ["host.invalid"])
 def deploy_factory(project, locks=[]):
     package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH))
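Review bot: The new `puppet_ssh_command` still passes `StrictHostKeyChecking=no` together with `UserKnownHostsFile=/dev/null`, so the master accepts whatever host answers on the forwarded port 8022 that the first hunk adds to `PUPPET_HOST`; now that the hop goes through a TCP forward rather than straight to the guest, the host key is the only thing tying the deploy (and the `E.SSH_KEY_PATH` identity) to the intended machine. Ship the guest's host key next to the deploy key and replace those two options with `"-o", "UserKnownHostsFile=<path to pinned known_hosts>", "-o", "StrictHostKeyChecking=yes"`. A one-line comment above `ssh_command` saying why `CheckHostIP=no` is still needed (the forward's address is not the guest's) would help the next reader. `compute_build_infos` and `deploy_factory` continue outside the hunk.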
@@ -145,8 +148,7 @@ def deploy_factory(project, locks=[]):
     factory.addStep(LdapPush(environment=util.Property("environment"), project=project, build_version=util.Property("build_version"), build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap")))
-    factory.addStep(steps.MasterShellCommand(command=[
-        "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host]))
+    factory.addStep(steps.MasterShellCommand(command=puppet_ssh_command))
     return util.BuilderConfig(
             name="{}_deploy".format(project.capitalize()),
             locks=locks,
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 193e95c..6a2cea0 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -1354,6 +1354,21 @@ in
       };
     };
   };
+  caldance = mkOption {
+    description = "Caldance configurations by environment";
+    type = submodule {
+      options = {
+        integration = mkOption {
+          description = "environment configuration";
+          type = submodule {
+            options = {
+              password = mkOption { type = str; description = "Password file content for basic auth"; };
+            };
+          };
+        };
+      };
+    };
+  };
   tellesflorian = mkOption {
     description = "Tellesflorian configurations by environment";
     type =
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix
index c573af2..1590fd0 100644
--- a/modules/private/monitoring/default.nix
+++ b/modules/private/monitoring/default.nix
@@ -138,7 +138,7 @@ let
   };
   otherObjects = map (n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; }))
-    [ "caldance-1" "ulminfo-fr" "phare" ];
+    [ "ulminfo-fr" "phare" ];
   masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; };
   commonObjects = pkgs.callPackage ./objects_common.nix ({
     master = cfg.master;
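Review bot: The rendered `puppet_ssh_command` ends with the target host and carries no remote command, so this `MasterShellCommand` depends on whatever the remote account runs by default — presumably a forced command bound to the deploy key in the target's `authorized_keys`, which is not visible from this file. A comment on the step, such as `# no remote command: the deploy itself is the forced command bound to E.SSH_KEY_PATH on the target`, would record that dependency where the next maintainer will look for it. `deploy_factory` starts and ends outside the hunk.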
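Review bot: The `integration` option's `description = "environment configuration"` says nothing, and the `password` option's "Password file content for basic auth" leaves the expected format open even though the dilion module in this same commit hands the value verbatim to nginx as an `auth_basic_user_file`. Suggest `description = "Integration environment configuration";` and `description = "htpasswd-format content (user:hash lines) of the basic-auth file; written verbatim to disk";` so the consumer's expectation is stated at the option. Since the value is a credential rather than a path, a note that it must hold hashed entries, not plaintext, belongs there too.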
diff --git a/modules/private/monitoring/objects_caldance-1.nix b/modules/private/monitoring/objects_caldance-1.nix
deleted file mode 100644
index d5b2d8d..0000000
--- a/modules/private/monitoring/objects_caldance-1.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ ... }:
-let
-  defaultPassiveInfo = {
-    use = "external-passive-service";
-    freshness_threshold = "450";
-    retry_interval = "1";
-    host_name = "caldance-1.v.immae.eu";
-  };
-in
-{
-  host = {
-    "caldance-1.v.immae.eu" = {
-      alias = "caldance-1.v.immae.eu";
-      address = "caldance-1.v.immae.eu";
-      use = "linux-server";
-    };
-  };
-  service = map (s: defaultPassiveInfo // s) [
-    {
-      service_description = "Size on root partition";
-    }
-
-    {
-      service_description = "Total number of process";
-    }
-
-    {
-      service_description = "Average load";
-    }
-
-    {
-      service_description = "Swap usage";
-    }
-
-    {
-      service_description = "fail2ban is active";
-    }
-
-    {
-      service_description = "NTP is activated and working";
-      freshness_threshold = "5400";
-    }
-
-    {
-      service_description = "Databases are present in postgresql";
-    }
-  ];
-}
diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix
index 379117c..a0d56cc 100644
--- a/modules/private/system/dilion.nix
+++ b/modules/private/system/dilion.nix
@@ -1,5 +1,5 @@
 { privateFiles }:
-{ config, pkgs, name, ... }:
+{ config, pkgs, name, lib, ... }:
 {
   boot.supportedFilesystems = [ "zfs" ];
   boot.kernelPackages = pkgs.linuxPackages_latest;
@@ -41,6 +41,8 @@
     };
   };
+  system.nssModules = [ pkgs.libvirt ];
+  system.nssHosts = lib.mkForce [ "files" "libvirt_guest" "mymachines" "dns" "myhostname" ];
   programs.zsh.enable = true;
   users.users.backup = {
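Review bot: `lib.mkForce` on `system.nssHosts` replaces the whole list, so any entry other NixOS modules contribute on this host (for example `resolve` when systemd-resolved is enabled, or mdns entries) is silently dropped; if the only goal is to get `libvirt_guest` ahead of `dns`, an ordered merge such as `system.nssHosts = lib.mkBefore [ "libvirt_guest" ];` (if its position relative to `files` does not matter) or a comment explaining why the full override is required would be safer. Note also that `libvirt_guest` answers from libvirt's lease table, so the guest name the socat forward and the nginx upstream use later in this commit is trusted on that basis alone; a comment like `# libvirt_guest must precede dns so the nixops-*-caldance guest name resolves to the VM lease` would record the intent next to the override.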
@@ -76,12 +78,24 @@
     install -m 0750 -o backup -g root -d /var/lib/backup/eldiron
   '';
+  system.activationScripts.libvirtd_exports = ''
+    install -m 0755 -o root -g root -d /var/lib/caldance
+  '';
   virtualisation.docker.enable = true;
   virtualisation.libvirtd.enable = true;
   users.extraUsers.immae.extraGroups = [ "libvirtd" "docker" ];
   systemd.services.libvirtd.postStart = ''
     install -m 0770 -g libvirtd -d /var/lib/libvirt/images
   '';
+  systemd.services.socat-caldance = {
+    description = "Forward ssh port to caldance";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+
+    serviceConfig = {
+      ExecStart = "${pkgs.socat}/bin/socat TCP-LISTEN:8022,fork TCP:nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:22";
+    };
+  };
   time.timeZone = "Europe/Paris";
   nix = {
@@ -117,6 +131,7 @@
       "discourse.immae.eu" = null;
       "discourse.cip-ca.fr" = null;
       "dev.immae.eu" = null;
+      "caldance.immae.eu" = null;
     };
   };
   services.nginx = {
@@ -124,6 +139,9 @@
     recommendedOptimisation = true;
     recommendedGzipSettings = true;
     recommendedProxySettings = true;
+    upstreams = {
+      caldance.servers."nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:3031" = {};
+    };
     virtualHosts = {
       "dev.immae.eu" = {
         acmeRoot = config.myServices.certificates.webroot;
@@ -143,6 +161,20 @@
         forceSSL = true;
         locations."/".proxyPass = "http://localhost:18031";
       };
+      "caldance.immae.eu" = {
+        acmeRoot = config.myServices.certificates.webroot;
+        useACMEHost = name;
+        forceSSL = true;
+        locations."/".extraConfig = ''
+          uwsgi_pass caldance;
+        '';
+        locations."/static/".alias = "/var/lib/caldance/caldance/app/www/static/";
+        locations."/media/".alias = "/var/lib/caldance/caldance/media/";
+        extraConfig = ''
+          auth_basic "Authentification requise";
+          auth_basic_user_file ${pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password};
+        '';
+      };
     };
   };
diff --git a/overlays/nixops/default.nix b/overlays/nixops/default.nix
index b9b2f15..a297685 100644
--- a/overlays/nixops/default.nix
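Review bot: `socat TCP-LISTEN:8022,fork` carries no `bind=` option, so the guest's ssh port is re-exposed on every address of dilion, including whichever public interface serves the nginx vhosts in this file, which is wider than the old direct path to the guest. Restrict the listener to the interface the buildbot master actually reaches, e.g. `TCP-LISTEN:8022,fork,bind=<address reachable by buildbot>` (or a `range=` option or firewall rule), so the forward only widens exposure as far as the deploy needs. The unit also has no `Restart =` setting, so if socat ever exits the deploy path stays down until someone notices; `serviceConfig.Restart = "on-failure";` would cover that. The `/var/lib/caldance` directory created by `libvirtd_exports` is what the nginx aliases later in this commit serve from, which the activation-script name does not convey — a comment or a name like `caldance_exports` would tie the two together.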
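Review bot: `auth_basic_user_file ${pkgs.writeText "htpasswd" ...}` writes the credential file into `/nix/store`, which is world-readable on the host and may be copied to binary caches or other machines, so every local account can read the caldance basic-auth entries (hashes at best, plaintext if the option ever holds unhashed lines). Write the file to a root- or nginx-readable path outside the store instead — for instance through the `privateFiles`/activation-script mechanism this module already uses — and reference it as `auth_basic_user_file <path outside the store, e.g. under /var/lib/caldance with mode 0640>;`. The aliased `/static/` and `/media/` locations sit under the vhost-level `auth_basic`, so they stay protected as written.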
+++ b/overlays/nixops/default.nix
@@ -9,6 +9,9 @@ self: super: {
       })
     ];
     preConfigure = (old.preConfigure or "") + ''
+      # https://github.com/NixOS/nixops/issues/1216
+      sed -i -e "/Register the paths in the Nix database./s/#.*$/export USER=root/" nix/libvirtd-image.nix
+      sed -i -e '/^import sys$/s/$/; sys.tracebacklimit = 0/' scripts/nixops
       sed -i -e "/'keyFile'/s/'path'/'string'/" nixops/backends/__init__.py
     '';
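Review bot: Both new `sed -i` edits (like the existing `keyFile` one) silently do nothing if their anchor pattern disappears in a later nixops release, leaving the libvirtd image fix and the traceback change unapplied with no build error. Guard each with a presence check so the overlay fails loudly, e.g. `grep -q "Register the paths in the Nix database." nix/libvirtd-image.nix` and `grep -q '^import sys$' scripts/nixops` before the corresponding `sed`. The `sys.tracebacklimit = 0` line also deserves its own comment, since hiding tracebacks from `scripts/nixops` removes debugging information later; from its placement the linked issue appears to explain only the `USER=root` edit.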