Migrate caldance configuration to nixos

5 files changed, 56 insertions, 55 deletions

diff --git a/modules/private/buildbot/projects/caldance/__init__.py b/modules/private/buildbot/projects/caldance/__init__.py
index 8d4e804..c71eebf 100644
--- a/modules/private/buildbot/projects/caldance/__init__.py
+++ b/modules/private/buildbot/projects/caldance/__init__.py
@@ -22,7 +22,7 @@ class E():
     XMPP_RECIPIENTS = os.environ["BUILDBOT_XMPP_RECIPIENTS"].split(" ")
 
     PUPPET_HOST = {
-            "integration": "root@caldance.immae.eu",
+            "integration": [ "-p8022", "root@caldance.immae.eu"],
             }
 
     # master.cfg
@@ -132,9 +132,12 @@ def compute_build_infos(project):
     return compute
 
 @util.renderer
-def puppet_host(props):
+def puppet_ssh_command(props):
     environment = props["environment"] if props.hasProperty("environment") else "integration"
-    return E.PUPPET_HOST.get(environment, "host.invalid")
+    ssh_command = [
+            "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no",
+            "-i", E.SSH_KEY_PATH ]
+    return ssh_command + E.PUPPET_HOST.get(environment, ["host.invalid"])
 
 def deploy_factory(project, locks=[]):
     package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH))
@@ -145,8 +148,7 @@ def deploy_factory(project, locks=[]):
     factory.addStep(LdapPush(environment=util.Property("environment"),
         project=project, build_version=util.Property("build_version"),
         build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap")))
-    factory.addStep(steps.MasterShellCommand(command=[
-        "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host]))
+    factory.addStep(steps.MasterShellCommand(command=puppet_ssh_command))
     return util.BuilderConfig(
             name="{}_deploy".format(project.capitalize()),
             locks=locks,
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 193e95c..6a2cea0 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -1354,6 +1354,21 @@ in
               };
             };
           };
+          caldance = mkOption {
+            description = "Caldance configurations by environment";
+            type = submodule {
+              options = {
+                integration = mkOption {
+                  description = "environment configuration";
+                  type = submodule {
+                    options = {
+                      password = mkOption { type = str; description = "Password file content for basic auth"; };
+                    };
+                  };
+                };
+              };
+            };
+          };
           tellesflorian = mkOption {
             description = "Tellesflorian configurations by environment";
             type =
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix
index c573af2..1590fd0 100644
--- a/modules/private/monitoring/default.nix
+++ b/modules/private/monitoring/default.nix
@@ -138,7 +138,7 @@ let
     };
   otherObjects = map
     (n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; }))
-    [ "caldance-1" "ulminfo-fr" "phare" ];
+    [ "ulminfo-fr" "phare" ];
   masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; };
   commonObjects = pkgs.callPackage ./objects_common.nix ({
     master = cfg.master;
diff --git a/modules/private/monitoring/objects_caldance-1.nix b/modules/private/monitoring/objects_caldance-1.nix
deleted file mode 100644
index d5b2d8d..0000000
--- a/modules/private/monitoring/objects_caldance-1.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ ... }:
-let
-  defaultPassiveInfo = {
-    use = "external-passive-service";
-    freshness_threshold = "450";
-    retry_interval = "1";
-    host_name = "caldance-1.v.immae.eu";
-  };
-in
-{
-  host = {
-    "caldance-1.v.immae.eu" = {
-      alias = "caldance-1.v.immae.eu";
-      address = "caldance-1.v.immae.eu";
-      use = "linux-server";
-    };
-  };
-  service = map (s: defaultPassiveInfo // s) [
-    {
-      service_description = "Size on root partition";
-    }
-
-    {
-      service_description = "Total number of process";
-    }
-
-    {
-      service_description = "Average load";
-    }
-
-    {
-      service_description = "Swap usage";
-    }
-
-    {
-      service_description = "fail2ban is active";
-    }
-
-    {
-      service_description = "NTP is activated and working";
-      freshness_threshold = "5400";
-    }
-
-    {
-      service_description = "Databases are present in postgresql";
-    }
-  ];
-}
diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix
index 379117c..a0d56cc 100644
--- a/modules/private/system/dilion.nix
+++ b/modules/private/system/dilion.nix
@@ -1,5 +1,5 @@
 { privateFiles }:
-{ config, pkgs, name, ... }:
+{ config, pkgs, name, lib, ... }:
 {
   boot.supportedFilesystems = [ "zfs" ];
   boot.kernelPackages = pkgs.linuxPackages_latest;
@@ -41,6 +41,8 @@
     };
   };
 
+  system.nssModules = [ pkgs.libvirt ];
+  system.nssHosts = lib.mkForce [ "files" "libvirt_guest" "mymachines" "dns" "myhostname" ];
   programs.zsh.enable = true;
 
   users.users.backup = {
@@ -76,12 +78,24 @@
     install -m 0750 -o backup -g root -d /var/lib/backup/eldiron
   '';
 
+  system.activationScripts.libvirtd_exports = ''
+    install -m 0755 -o root -g root -d /var/lib/caldance
+  '';
   virtualisation.docker.enable = true;
   virtualisation.libvirtd.enable = true;
   users.extraUsers.immae.extraGroups = [ "libvirtd" "docker" ];
   systemd.services.libvirtd.postStart = ''
     install -m 0770 -g libvirtd -d /var/lib/libvirt/images
   '';
+  systemd.services.socat-caldance = {
+    description = "Forward ssh port to caldance";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+
+    serviceConfig = {
+      ExecStart = "${pkgs.socat}/bin/socat TCP-LISTEN:8022,fork TCP:nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:22";
+    };
+  };
 
   time.timeZone = "Europe/Paris";
   nix = {
@@ -117,6 +131,7 @@
       "discourse.immae.eu" = null;
       "discourse.cip-ca.fr" = null;
       "dev.immae.eu" = null;
+      "caldance.immae.eu" = null;
     };
   };
   services.nginx = {
@@ -124,6 +139,9 @@
     recommendedOptimisation = true;
     recommendedGzipSettings = true;
     recommendedProxySettings = true;
+    upstreams = {
+      caldance.servers."nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:3031" = {};
+    };
     virtualHosts = {
       "dev.immae.eu" = {
         acmeRoot = config.myServices.certificates.webroot;
@@ -143,6 +161,20 @@
         forceSSL = true;
         locations."/".proxyPass = "http://localhost:18031";
       };
+      "caldance.immae.eu" = {
+        acmeRoot = config.myServices.certificates.webroot;
+        useACMEHost = name;
+        forceSSL = true;
+        locations."/".extraConfig = ''
+          uwsgi_pass caldance;
+        '';
+        locations."/static/".alias = "/var/lib/caldance/caldance/app/www/static/";
+        locations."/media/".alias = "/var/lib/caldance/caldance/media/";
+        extraConfig = ''
+          auth_basic           "Authentification requise";
+          auth_basic_user_file ${pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password};
+        '';
+      };
     };
   };