author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-08-08 15:56:45 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-08-08 15:56:45 +0200 |
commit | 6c95e93c85640e1fe544ed1b6a0b83e27725d0f0 (patch) | |
tree | a9a26e16d244311e164222dede579b1228169b20 /modules | |
parent | f989f3edd7790c9b1a67dc99f074828211bbbe68 (diff) | |
Migrate caldance configuration to nixos
Diffstat (limited to 'modules')
-rw-r--r-- | modules/private/buildbot/projects/caldance/__init__.py | 12 | ||||
-rw-r--r-- | modules/private/environment.nix | 15 | ||||
-rw-r--r-- | modules/private/monitoring/default.nix | 2 | ||||
-rw-r--r-- | modules/private/monitoring/objects_caldance-1.nix | 48 | ||||
-rw-r--r-- | modules/private/system/dilion.nix | 34 |
5 files changed, 56 insertions, 55 deletions
diff --git a/modules/private/buildbot/projects/caldance/__init__.py b/modules/private/buildbot/projects/caldance/__init__.py index 8d4e804..c71eebf 100644 --- a/modules/private/buildbot/projects/caldance/__init__.py +++ b/modules/private/buildbot/projects/caldance/__init__.py | |||
@@ -22,7 +22,7 @@ class E(): | |||
22 | XMPP_RECIPIENTS = os.environ["BUILDBOT_XMPP_RECIPIENTS"].split(" ") | 22 | XMPP_RECIPIENTS = os.environ["BUILDBOT_XMPP_RECIPIENTS"].split(" ") |
23 | 23 | ||
24 | PUPPET_HOST = { | 24 | PUPPET_HOST = { |
25 | "integration": "root@caldance.immae.eu", | 25 | "integration": [ "-p8022", "root@caldance.immae.eu"], |
26 | } | 26 | } |
27 | 27 | ||
28 | # master.cfg | 28 | # master.cfg |
@@ -132,9 +132,12 @@ def compute_build_infos(project): | |||
132 | return compute | 132 | return compute |
133 | 133 | ||
134 | @util.renderer | 134 | @util.renderer |
135 | def puppet_host(props): | 135 | def puppet_ssh_command(props): |
136 | environment = props["environment"] if props.hasProperty("environment") else "integration" | 136 | environment = props["environment"] if props.hasProperty("environment") else "integration" |
137 | return E.PUPPET_HOST.get(environment, "host.invalid") | 137 | ssh_command = [ |
138 | "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", | ||
139 | "-i", E.SSH_KEY_PATH ] | ||
140 | return ssh_command + E.PUPPET_HOST.get(environment, ["host.invalid"]) | ||
138 | 141 | ||
139 | def deploy_factory(project, locks=[]): | 142 | def deploy_factory(project, locks=[]): |
140 | package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH)) | 143 | package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH)) |
@@ -145,8 +148,7 @@ def deploy_factory(project, locks=[]): | |||
145 | factory.addStep(LdapPush(environment=util.Property("environment"), | 148 | factory.addStep(LdapPush(environment=util.Property("environment"), |
146 | project=project, build_version=util.Property("build_version"), | 149 | project=project, build_version=util.Property("build_version"), |
147 | build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap"))) | 150 | build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap"))) |
148 | factory.addStep(steps.MasterShellCommand(command=[ | 151 | factory.addStep(steps.MasterShellCommand(command=puppet_ssh_command)) |
149 | "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host])) | ||
150 | return util.BuilderConfig( | 152 | return util.BuilderConfig( |
151 | name="{}_deploy".format(project.capitalize()), | 153 | name="{}_deploy".format(project.capitalize()), |
152 | locks=locks, | 154 | locks=locks, |
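Review bot: The ssh argv assembled in puppet_ssh_command (new lines 137-140 of the second hunk) still turns off host-key verification with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no`, and with the new `-p8022` entry in E.PUPPET_HOST that root session now terminates at whatever answers on the forwarded port. The destination is fixed in E.PUPPET_HOST, so the key can be pinned instead: point `-o UserKnownHostsFile=<KNOWN_HOSTS_FILE_PATH>` at a known_hosts file deployed next to E.SSH_KEY_PATH and drop the `StrictHostKeyChecking=no`/`CheckHostIP=no` pair. A one-line comment on the renderer would also help, e.g. `# Render the ssh argv for the build's environment; PUPPET_HOST values are trailing ssh args ending in user@host.` deploy_factory, whose body the third hunk touches, continues outside the hunk.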
diff --git a/modules/private/environment.nix b/modules/private/environment.nix index 193e95c..6a2cea0 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix | |||
@@ -1354,6 +1354,21 @@ in | |||
1354 | }; | 1354 | }; |
1355 | }; | 1355 | }; |
1356 | }; | 1356 | }; |
1357 | caldance = mkOption { | ||
1358 | description = "Caldance configurations by environment"; | ||
1359 | type = submodule { | ||
1360 | options = { | ||
1361 | integration = mkOption { | ||
1362 | description = "environment configuration"; | ||
1363 | type = submodule { | ||
1364 | options = { | ||
1365 | password = mkOption { type = str; description = "Password file content for basic auth"; }; | ||
1366 | }; | ||
1367 | }; | ||
1368 | }; | ||
1369 | }; | ||
1370 | }; | ||
1371 | }; | ||
1357 | tellesflorian = mkOption { | 1372 | tellesflorian = mkOption { |
1358 | description = "Tellesflorian configurations by environment"; | 1373 | description = "Tellesflorian configurations by environment"; |
1359 | type = | 1374 | type = |
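Review bot: The new `caldance.integration.password` option (new line 1365) is described as "Password file content for basic auth", which leaves the expected format ambiguous; elsewhere in this commit the value is written verbatim as the nginx auth_basic_user_file, so the description should say so, e.g. `description = "Content of the htpasswd file for basic auth (user:hashed-password lines)";`. The enclosing options attrset continues outside the hunk.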
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix index c573af2..1590fd0 100644 --- a/modules/private/monitoring/default.nix +++ b/modules/private/monitoring/default.nix | |||
@@ -138,7 +138,7 @@ let | |||
138 | }; | 138 | }; |
139 | otherObjects = map | 139 | otherObjects = map |
140 | (n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; })) | 140 | (n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") { inherit emailCheck; })) |
141 | [ "caldance-1" "ulminfo-fr" "phare" ]; | 141 | [ "ulminfo-fr" "phare" ]; |
142 | masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; }; | 142 | masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; }; |
143 | commonObjects = pkgs.callPackage ./objects_common.nix ({ | 143 | commonObjects = pkgs.callPackage ./objects_common.nix ({ |
144 | master = cfg.master; | 144 | master = cfg.master; |
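Review bot: Dropping "caldance-1" from otherObjects (new line 141) removes the only monitoring objects for caldance, and no replacement for the migrated guest appears in this commit, so the passive checks the deleted objects_caldance-1.nix defined (root partition size, process count, load, swap, fail2ban, NTP, postgresql databases) are silently gone. If that is intended, a short comment next to the list saying where caldance is monitored now would help; otherwise an objects file for the new guest should follow in the same list. The `let` block continues outside the hunk.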
diff --git a/modules/private/monitoring/objects_caldance-1.nix b/modules/private/monitoring/objects_caldance-1.nix deleted file mode 100644 index d5b2d8d..0000000 --- a/modules/private/monitoring/objects_caldance-1.nix +++ /dev/null | |||
@@ -1,48 +0,0 @@ | |||
1 | { ... }: | ||
2 | let | ||
3 | defaultPassiveInfo = { | ||
4 | use = "external-passive-service"; | ||
5 | freshness_threshold = "450"; | ||
6 | retry_interval = "1"; | ||
7 | host_name = "caldance-1.v.immae.eu"; | ||
8 | }; | ||
9 | in | ||
10 | { | ||
11 | host = { | ||
12 | "caldance-1.v.immae.eu" = { | ||
13 | alias = "caldance-1.v.immae.eu"; | ||
14 | address = "caldance-1.v.immae.eu"; | ||
15 | use = "linux-server"; | ||
16 | }; | ||
17 | }; | ||
18 | service = map (s: defaultPassiveInfo // s) [ | ||
19 | { | ||
20 | service_description = "Size on root partition"; | ||
21 | } | ||
22 | |||
23 | { | ||
24 | service_description = "Total number of process"; | ||
25 | } | ||
26 | |||
27 | { | ||
28 | service_description = "Average load"; | ||
29 | } | ||
30 | |||
31 | { | ||
32 | service_description = "Swap usage"; | ||
33 | } | ||
34 | |||
35 | { | ||
36 | service_description = "fail2ban is active"; | ||
37 | } | ||
38 | |||
39 | { | ||
40 | service_description = "NTP is activated and working"; | ||
41 | freshness_threshold = "5400"; | ||
42 | } | ||
43 | |||
44 | { | ||
45 | service_description = "Databases are present in postgresql"; | ||
46 | } | ||
47 | ]; | ||
48 | } | ||
diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix index 379117c..a0d56cc 100644 --- a/modules/private/system/dilion.nix +++ b/modules/private/system/dilion.nix | |||
@@ -1,5 +1,5 @@ | |||
1 | { privateFiles }: | 1 | { privateFiles }: |
2 | { config, pkgs, name, ... }: | 2 | { config, pkgs, name, lib, ... }: |
3 | { | 3 | { |
4 | boot.supportedFilesystems = [ "zfs" ]; | 4 | boot.supportedFilesystems = [ "zfs" ]; |
5 | boot.kernelPackages = pkgs.linuxPackages_latest; | 5 | boot.kernelPackages = pkgs.linuxPackages_latest; |
@@ -41,6 +41,8 @@ | |||
41 | }; | 41 | }; |
42 | }; | 42 | }; |
43 | 43 | ||
44 | system.nssModules = [ pkgs.libvirt ]; | ||
45 | system.nssHosts = lib.mkForce [ "files" "libvirt_guest" "mymachines" "dns" "myhostname" ]; | ||
44 | programs.zsh.enable = true; | 46 | programs.zsh.enable = true; |
45 | 47 | ||
46 | users.users.backup = { | 48 | users.users.backup = { |
@@ -76,12 +78,24 @@ | |||
76 | install -m 0750 -o backup -g root -d /var/lib/backup/eldiron | 78 | install -m 0750 -o backup -g root -d /var/lib/backup/eldiron |
77 | ''; | 79 | ''; |
78 | 80 | ||
81 | system.activationScripts.libvirtd_exports = '' | ||
82 | install -m 0755 -o root -g root -d /var/lib/caldance | ||
83 | ''; | ||
79 | virtualisation.docker.enable = true; | 84 | virtualisation.docker.enable = true; |
80 | virtualisation.libvirtd.enable = true; | 85 | virtualisation.libvirtd.enable = true; |
81 | users.extraUsers.immae.extraGroups = [ "libvirtd" "docker" ]; | 86 | users.extraUsers.immae.extraGroups = [ "libvirtd" "docker" ]; |
82 | systemd.services.libvirtd.postStart = '' | 87 | systemd.services.libvirtd.postStart = '' |
83 | install -m 0770 -g libvirtd -d /var/lib/libvirt/images | 88 | install -m 0770 -g libvirtd -d /var/lib/libvirt/images |
84 | ''; | 89 | ''; |
90 | systemd.services.socat-caldance = { | ||
91 | description = "Forward ssh port to caldance"; | ||
92 | wantedBy = [ "multi-user.target" ]; | ||
93 | after = [ "network.target" ]; | ||
94 | |||
95 | serviceConfig = { | ||
96 | ExecStart = "${pkgs.socat}/bin/socat TCP-LISTEN:8022,fork TCP:nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:22"; | ||
97 | }; | ||
98 | }; | ||
85 | 99 | ||
86 | time.timeZone = "Europe/Paris"; | 100 | time.timeZone = "Europe/Paris"; |
87 | nix = { | 101 | nix = { |
@@ -117,6 +131,7 @@ | |||
117 | "discourse.immae.eu" = null; | 131 | "discourse.immae.eu" = null; |
118 | "discourse.cip-ca.fr" = null; | 132 | "discourse.cip-ca.fr" = null; |
119 | "dev.immae.eu" = null; | 133 | "dev.immae.eu" = null; |
134 | "caldance.immae.eu" = null; | ||
120 | }; | 135 | }; |
121 | }; | 136 | }; |
122 | services.nginx = { | 137 | services.nginx = { |
@@ -124,6 +139,9 @@ | |||
124 | recommendedOptimisation = true; | 139 | recommendedOptimisation = true; |
125 | recommendedGzipSettings = true; | 140 | recommendedGzipSettings = true; |
126 | recommendedProxySettings = true; | 141 | recommendedProxySettings = true; |
142 | upstreams = { | ||
143 | caldance.servers."nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:3031" = {}; | ||
144 | }; | ||
127 | virtualHosts = { | 145 | virtualHosts = { |
128 | "dev.immae.eu" = { | 146 | "dev.immae.eu" = { |
129 | acmeRoot = config.myServices.certificates.webroot; | 147 | acmeRoot = config.myServices.certificates.webroot; |
@@ -143,6 +161,20 @@ | |||
143 | forceSSL = true; | 161 | forceSSL = true; |
144 | locations."/".proxyPass = "http://localhost:18031"; | 162 | locations."/".proxyPass = "http://localhost:18031"; |
145 | }; | 163 | }; |
164 | "caldance.immae.eu" = { | ||
165 | acmeRoot = config.myServices.certificates.webroot; | ||
166 | useACMEHost = name; | ||
167 | forceSSL = true; | ||
168 | locations."/".extraConfig = '' | ||
169 | uwsgi_pass caldance; | ||
170 | ''; | ||
171 | locations."/static/".alias = "/var/lib/caldance/caldance/app/www/static/"; | ||
172 | locations."/media/".alias = "/var/lib/caldance/caldance/media/"; | ||
173 | extraConfig = '' | ||
174 | auth_basic "Authentification requise"; | ||
175 | auth_basic_user_file ${pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password}; | ||
176 | ''; | ||
177 | }; | ||
146 | }; | 178 | }; |
147 | }; | 179 | }; |
148 | 180 | ||
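Review bot: The basic-auth credential for caldance.immae.eu (new line 175) is placed in the Nix store through `pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password`, and the store is world-readable, so every local user on dilion can read the htpasswd line, hashed or not. Pointing `auth_basic_user_file` at a root-owned file outside the store, e.g. `auth_basic_user_file <HTPASSWD_PATH_OUTSIDE_STORE>;`, provisioned the way this module's `privateFiles` argument delivers other private files (if that mechanism supports it), keeps it out of the store. The socat-caldance unit (new line 96) listens with `TCP-LISTEN:8022,fork` on every interface and runs as root by default; narrowing it to `TCP-LISTEN:8022,fork,bind=<BUILDBOT_FACING_ADDR>` and adding `DynamicUser = true;` to its serviceConfig would limit who can reach the guest's ssh port and what the forwarder runs as. The nginx virtualHosts attrset continues outside the hunk.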