aboutsummaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2020-08-08 15:56:45 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2020-08-08 15:56:45 +0200
commit6c95e93c85640e1fe544ed1b6a0b83e27725d0f0 (patch)
treea9a26e16d244311e164222dede579b1228169b20 /modules
parentf989f3edd7790c9b1a67dc99f074828211bbbe68 (diff)
downloadNix-6c95e93c85640e1fe544ed1b6a0b83e27725d0f0.tar.gz
Nix-6c95e93c85640e1fe544ed1b6a0b83e27725d0f0.tar.zst
Nix-6c95e93c85640e1fe544ed1b6a0b83e27725d0f0.zip
Migrate caldance configuration to nixos
Diffstat (limited to 'modules')
-rw-r--r--modules/private/buildbot/projects/caldance/__init__.py12
-rw-r--r--modules/private/environment.nix15
-rw-r--r--modules/private/monitoring/default.nix2
-rw-r--r--modules/private/monitoring/objects_caldance-1.nix48
-rw-r--r--modules/private/system/dilion.nix34
5 files changed, 56 insertions, 55 deletions
diff --git a/modules/private/buildbot/projects/caldance/__init__.py b/modules/private/buildbot/projects/caldance/__init__.py
index 8d4e804..c71eebf 100644
--- a/modules/private/buildbot/projects/caldance/__init__.py
+++ b/modules/private/buildbot/projects/caldance/__init__.py
@@ -22,7 +22,7 @@ class E():
22 XMPP_RECIPIENTS = os.environ["BUILDBOT_XMPP_RECIPIENTS"].split(" ") 22 XMPP_RECIPIENTS = os.environ["BUILDBOT_XMPP_RECIPIENTS"].split(" ")
23 23
24 PUPPET_HOST = { 24 PUPPET_HOST = {
25 "integration": "root@caldance.immae.eu", 25 "integration": [ "-p8022", "root@caldance.immae.eu"],
26 } 26 }
27 27
28 # master.cfg 28 # master.cfg
@@ -132,9 +132,12 @@ def compute_build_infos(project):
132 return compute 132 return compute
133 133
134@util.renderer 134@util.renderer
135def puppet_host(props): 135def puppet_ssh_command(props):
136 environment = props["environment"] if props.hasProperty("environment") else "integration" 136 environment = props["environment"] if props.hasProperty("environment") else "integration"
137 return E.PUPPET_HOST.get(environment, "host.invalid") 137 ssh_command = [
138 "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no",
139 "-i", E.SSH_KEY_PATH ]
140 return ssh_command + E.PUPPET_HOST.get(environment, ["host.invalid"])
138 141
139def deploy_factory(project, locks=[]): 142def deploy_factory(project, locks=[]):
140 package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH)) 143 package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH))
@@ -145,8 +148,7 @@ def deploy_factory(project, locks=[]):
145 factory.addStep(LdapPush(environment=util.Property("environment"), 148 factory.addStep(LdapPush(environment=util.Property("environment"),
146 project=project, build_version=util.Property("build_version"), 149 project=project, build_version=util.Property("build_version"),
147 build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap"))) 150 build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap")))
148 factory.addStep(steps.MasterShellCommand(command=[ 151 factory.addStep(steps.MasterShellCommand(command=puppet_ssh_command))
149 "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host]))
150 return util.BuilderConfig( 152 return util.BuilderConfig(
151 name="{}_deploy".format(project.capitalize()), 153 name="{}_deploy".format(project.capitalize()),
152 locks=locks, 154 locks=locks,
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 193e95c..6a2cea0 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -1354,6 +1354,21 @@ in
1354 }; 1354 };
1355 }; 1355 };
1356 }; 1356 };
1357 caldance = mkOption {
1358 description = "Caldance configurations by environment";
1359 type = submodule {
1360 options = {
1361 integration = mkOption {
1362 description = "environment configuration";
1363 type = submodule {
1364 options = {
1365 password = mkOption { type = str; description = "Password file content for basic auth"; };
1366 };
1367 };
1368 };
1369 };
1370 };
1371 };
1357 tellesflorian = mkOption { 1372 tellesflorian = mkOption {
1358 description = "Tellesflorian configurations by environment"; 1373 description = "Tellesflorian configurations by environment";
1359 type = 1374 type =
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix
index c573af2..1590fd0 100644
--- a/modules/private/monitoring/default.nix
+++ b/modules/private/monitoring/default.nix
@@ -138,7 +138,7 @@ let
138 }; 138 };
139 otherObjects = map 139 otherObjects = map
140 (n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; })) 140 (n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; }))
141 [ "caldance-1" "ulminfo-fr" "phare" ]; 141 [ "ulminfo-fr" "phare" ];
142 masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; }; 142 masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; };
143 commonObjects = pkgs.callPackage ./objects_common.nix ({ 143 commonObjects = pkgs.callPackage ./objects_common.nix ({
144 master = cfg.master; 144 master = cfg.master;
diff --git a/modules/private/monitoring/objects_caldance-1.nix b/modules/private/monitoring/objects_caldance-1.nix
deleted file mode 100644
index d5b2d8d..0000000
--- a/modules/private/monitoring/objects_caldance-1.nix
+++ /dev/null
@@ -1,48 +0,0 @@
1{ ... }:
2let
3 defaultPassiveInfo = {
4 use = "external-passive-service";
5 freshness_threshold = "450";
6 retry_interval = "1";
7 host_name = "caldance-1.v.immae.eu";
8 };
9in
10{
11 host = {
12 "caldance-1.v.immae.eu" = {
13 alias = "caldance-1.v.immae.eu";
14 address = "caldance-1.v.immae.eu";
15 use = "linux-server";
16 };
17 };
18 service = map (s: defaultPassiveInfo // s) [
19 {
20 service_description = "Size on root partition";
21 }
22
23 {
24 service_description = "Total number of process";
25 }
26
27 {
28 service_description = "Average load";
29 }
30
31 {
32 service_description = "Swap usage";
33 }
34
35 {
36 service_description = "fail2ban is active";
37 }
38
39 {
40 service_description = "NTP is activated and working";
41 freshness_threshold = "5400";
42 }
43
44 {
45 service_description = "Databases are present in postgresql";
46 }
47 ];
48}
diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix
index 379117c..a0d56cc 100644
--- a/modules/private/system/dilion.nix
+++ b/modules/private/system/dilion.nix
@@ -1,5 +1,5 @@
1{ privateFiles }: 1{ privateFiles }:
2{ config, pkgs, name, ... }: 2{ config, pkgs, name, lib, ... }:
3{ 3{
4 boot.supportedFilesystems = [ "zfs" ]; 4 boot.supportedFilesystems = [ "zfs" ];
5 boot.kernelPackages = pkgs.linuxPackages_latest; 5 boot.kernelPackages = pkgs.linuxPackages_latest;
@@ -41,6 +41,8 @@
41 }; 41 };
42 }; 42 };
43 43
44 system.nssModules = [ pkgs.libvirt ];
45 system.nssHosts = lib.mkForce [ "files" "libvirt_guest" "mymachines" "dns" "myhostname" ];
44 programs.zsh.enable = true; 46 programs.zsh.enable = true;
45 47
46 users.users.backup = { 48 users.users.backup = {
@@ -76,12 +78,24 @@
76 install -m 0750 -o backup -g root -d /var/lib/backup/eldiron 78 install -m 0750 -o backup -g root -d /var/lib/backup/eldiron
77 ''; 79 '';
78 80
81 system.activationScripts.libvirtd_exports = ''
82 install -m 0755 -o root -g root -d /var/lib/caldance
83 '';
79 virtualisation.docker.enable = true; 84 virtualisation.docker.enable = true;
80 virtualisation.libvirtd.enable = true; 85 virtualisation.libvirtd.enable = true;
81 users.extraUsers.immae.extraGroups = [ "libvirtd" "docker" ]; 86 users.extraUsers.immae.extraGroups = [ "libvirtd" "docker" ];
82 systemd.services.libvirtd.postStart = '' 87 systemd.services.libvirtd.postStart = ''
83 install -m 0770 -g libvirtd -d /var/lib/libvirt/images 88 install -m 0770 -g libvirtd -d /var/lib/libvirt/images
84 ''; 89 '';
90 systemd.services.socat-caldance = {
91 description = "Forward ssh port to caldance";
92 wantedBy = [ "multi-user.target" ];
93 after = [ "network.target" ];
94
95 serviceConfig = {
96 ExecStart = "${pkgs.socat}/bin/socat TCP-LISTEN:8022,fork TCP:nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:22";
97 };
98 };
85 99
86 time.timeZone = "Europe/Paris"; 100 time.timeZone = "Europe/Paris";
87 nix = { 101 nix = {
@@ -117,6 +131,7 @@
117 "discourse.immae.eu" = null; 131 "discourse.immae.eu" = null;
118 "discourse.cip-ca.fr" = null; 132 "discourse.cip-ca.fr" = null;
119 "dev.immae.eu" = null; 133 "dev.immae.eu" = null;
134 "caldance.immae.eu" = null;
120 }; 135 };
121 }; 136 };
122 services.nginx = { 137 services.nginx = {
@@ -124,6 +139,9 @@
124 recommendedOptimisation = true; 139 recommendedOptimisation = true;
125 recommendedGzipSettings = true; 140 recommendedGzipSettings = true;
126 recommendedProxySettings = true; 141 recommendedProxySettings = true;
142 upstreams = {
143 caldance.servers."nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:3031" = {};
144 };
127 virtualHosts = { 145 virtualHosts = {
128 "dev.immae.eu" = { 146 "dev.immae.eu" = {
129 acmeRoot = config.myServices.certificates.webroot; 147 acmeRoot = config.myServices.certificates.webroot;
@@ -143,6 +161,20 @@
143 forceSSL = true; 161 forceSSL = true;
144 locations."/".proxyPass = "http://localhost:18031"; 162 locations."/".proxyPass = "http://localhost:18031";
145 }; 163 };
164 "caldance.immae.eu" = {
165 acmeRoot = config.myServices.certificates.webroot;
166 useACMEHost = name;
167 forceSSL = true;
168 locations."/".extraConfig = ''
169 uwsgi_pass caldance;
170 '';
171 locations."/static/".alias = "/var/lib/caldance/caldance/app/www/static/";
172 locations."/media/".alias = "/var/lib/caldance/caldance/media/";
173 extraConfig = ''
174 auth_basic "Authentification requise";
175 auth_basic_user_file ${pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password};
176 '';
177 };
146 }; 178 };
147 }; 179 };
148 180