feat(modules): Generalize redirections
Tom Hubrecht 2024-04-23 22:02:04 +02:00
parent dd10a8e2fe
commit 3f928ce90b
4 changed files with 143 additions and 103 deletions


@ -1,17 +1,29 @@
{ {
config,
lib, lib,
nodes, nodes,
config,
sources, sources,
... ...
}: }:
let let
inherit (lib)
concatLists
mapAttrsToList
mkForce
mkMerge
;
inherit (config.statelessUptimeKuma.lib) inherit (config.statelessUptimeKuma.lib)
pingProbesFromHive pingProbesFromHive
fromHive fromHive
httpProbesFromConfig httpProbesFromConfig
probesWithTag probesWithTag
; ;
probesCfg = config.statelessUptimeKuma.probesConfig;
mkMonitors = name: builtins.attrNames (probesWithTag { inherit name; } probesCfg);
host = "status.dgnum.eu"; host = "status.dgnum.eu";
port = 3001; port = 3001;
@ -24,14 +36,15 @@ let
"cdn.dgnum.eu" "cdn.dgnum.eu"
"saml-idp.dgnum.eu" "saml-idp.dgnum.eu"
"status.dgnum.eu" "status.dgnum.eu"
] ++ nodes.web01.config.dgn-redirections.retired; ] ++ (concatLists (mapAttrsToList (_: { config, ... }: config.dgn-redirections.retired) nodes));
extraProbes = { extraProbes = {
monitors = { monitors = {
"prometheus.dgnum.eu" = { "prometheus.dgnum.eu" = {
type = lib.mkForce "http"; type = mkForce "http";
accepted_statuscodes = [ "401" ]; accepted_statuscodes = [ "401" ];
}; };
"api.meet.dgnum.eu" = { "api.meet.dgnum.eu" = {
keyword = "Crab Fit API"; keyword = "Crab Fit API";
}; };
@ -47,23 +60,17 @@ let
{ {
name = "Services"; name = "Services";
weight = 1; weight = 1;
monitorList = builtins.attrNames ( monitorList = mkMonitors "Service";
probesWithTag { name = "Service"; } config.statelessUptimeKuma.probesConfig
);
} }
{ {
name = "Serveurs"; name = "Serveurs";
weight = 2; weight = 2;
monitorList = builtins.attrNames ( monitorList = mkMonitors "Ping";
probesWithTag { name = "Ping"; } config.statelessUptimeKuma.probesConfig
);
} }
{ {
name = "VPN Interne"; name = "VPN Interne";
weight = 2; weight = 2;
monitorList = builtins.attrNames ( monitorList = mkMonitors "VPN";
probesWithTag { name = "VPN"; } config.statelessUptimeKuma.probesConfig
);
} }
]; ];
}; };
@ -111,6 +118,7 @@ in
{ {
imports = [ (sources.stateless-uptime-kuma + "/nixos/module.nix") ]; imports = [ (sources.stateless-uptime-kuma + "/nixos/module.nix") ];
nixpkgs.overlays = [ (import (sources.stateless-uptime-kuma + "/overlay.nix")) ]; nixpkgs.overlays = [ (import (sources.stateless-uptime-kuma + "/overlay.nix")) ];
services.uptime-kuma.enable = true; services.uptime-kuma.enable = true;
services.nginx = { services.nginx = {
@ -132,17 +140,16 @@ in
]; ];
statelessUptimeKuma = { statelessUptimeKuma = {
probesConfig = lib.mkMerge [ probesConfig = mkMerge [
pingProbes pingProbes
httpProbes httpProbes
extraProbes extraProbes
vpnProbes vpnProbes
{ inherit status_pages; } { inherit status_pages; }
]; ];
extraFlags = [
"-v DEBUG" extraFlags = [ "-s" ];
"-s"
];
host = "http://localhost:${builtins.toString port}/"; host = "http://localhost:${builtins.toString port}/";
username = "dgnum"; username = "dgnum";
passwordFile = config.age.secrets."stateless-uptime-kuma-password".path; passwordFile = config.age.secrets."stateless-uptime-kuma-password".path;
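Review bot: The lambda on the `] ++ (concatLists (mapAttrsToList ...))` line destructures `{ config, ... }`, which shadows the module's own `config` argument that the rest of this file reads (`config.statelessUptimeKuma`, `config.age.secrets`). Binding the node under its own name keeps the two apart: `mapAttrsToList (_: node: node.config.dgn-redirections.retired) nodes`. The expression also now assumes that every entry in `nodes` declares `dgn-redirections`. That appears to hold because this commit adds the module to the shared module list, but a one-line comment saying so would save the next reader the lookup. The list this line closes starts outside the hunk.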


@ -1,92 +1,60 @@
{ lib, config, ... }: _:
let let
retired_host = "retired.dgnum.eu"; retiredHost = "retired.dgnum.eu";
mkRetired = mkSubs =
hosts: attrs:
builtins.listToAttrs ( builtins.concatLists (
builtins.map (name: { builtins.attrValues (builtins.mapAttrs (domain: builtins.map (s: "${s}.${domain}")) attrs)
inherit name;
value = {
enableACME = true;
forceSSL = true;
locations."/".return = "301 https://${retired_host}/${name}";
};
}) hosts
); );
mkSub = domain: builtins.map (s: "${s}.${domain}");
mkSubs = attrs: builtins.concatLists (builtins.attrValues (builtins.mapAttrs mkSub attrs));
mkRedirection =
_:
{ to }:
{
globalRedirect = to;
enableACME = true;
forceSSL = true;
};
cfg = config.dgn-redirections;
in in
{
options.dgn-redirections = {
redirections = lib.mkOption {
type =
with lib.types;
attrsOf (submodule {
options.to = lib.mkOption { type = str; };
});
default = { };
};
retired = lib.mkOption {
type = with lib.types; listOf str;
default = [ ];
};
};
config = {
dgn-redirections = {
redirections = {
"calendrier.eleves.ens.fr".to = "calendrier.dgnum.eu";
"docs.beta.rz.ens.wtf".to = "pads.dgnum.eu";
"git.rz.ens.wtf".to = "git.dgnum.eu";
"notion.rz.ens.wtf".to = "docs.dgnum.eu";
"nuage.beta.rz.ens.wtf".to = "cloud.dgnum.eu";
"rdv.dgnum.eu".to = "meet.dgnum.eu";
"www.bda.ens.fr".to = "bda.ens.fr";
"bda.wp.dgnum.eu".to = "bda.ens.fr";
"www.tuteurs.ens.fr".to = "tuteurs.ens.fr";
"www.interq.ens.fr".to = "interq.ens.fr";
"www.lanuit.ens.fr".to = "lanuit.ens.fr";
};
retired = mkSubs { {
"ens.fr" = [ dgn-redirections = {
"alevins" inherit retiredHost;
"www.climatenavigator"
]; redirections = {
"ens.wtf" = [ "photos" ]; "calendrier.eleves.ens.fr" = "calendrier.dgnum.eu";
"rz.ens.wtf" = [ "docs.beta.rz.ens.wtf" = "pads.dgnum.eu";
"s3" "git.rz.ens.wtf" = "git.dgnum.eu";
"cdn" "notion.rz.ens.wtf" = "docs.dgnum.eu";
]; "nuage.beta.rz.ens.wtf" = "cloud.dgnum.eu";
"beta.rz.ens.wtf" = [ "rdv.dgnum.eu" = "meet.dgnum.eu";
"todo" "www.bda.ens.fr" = "bda.ens.fr";
"minecraft" "bda.wp.dgnum.eu" = "bda.ens.fr";
"factorio" "www.tuteurs.ens.fr" = "tuteurs.ens.fr";
"home" "www.interq.ens.fr" = "interq.ens.fr";
"pads" "www.lanuit.ens.fr" = "lanuit.ens.fr";
"api.pads" };
"files.pads"
"sandbox.pads" retired = mkSubs {
"jurisprudens" "ens.fr" = [
"rstudio" "alevins"
]; "www.climatenavigator"
}; ];
"ens.wtf" = [ "photos" ];
"rz.ens.wtf" = [
"s3"
"cdn"
];
"beta.rz.ens.wtf" = [
"todo"
"minecraft"
"factorio"
"home"
"pads"
"api.pads"
"files.pads"
"sandbox.pads"
"jurisprudens"
"rstudio"
];
}; };
services.nginx.virtualHosts = {
${retired_host}.default = true;
} // (builtins.mapAttrs mkRedirection cfg.redirections) // (mkRetired cfg.retired);
}; };
services.nginx.virtualHosts.${retiredHost}.default = true;
} }
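Review bot: The last line, `services.nginx.virtualHosts.${retiredHost}.default = true;`, makes the retired host the nginx default server, so on this node any request whose Host header matches no other virtual host is answered by it; that deserves a comment. Something like `# default server: requests for hostnames with no matching vhost land on the retired page` would make the catch-all behaviour explicit. Separately, the `retiredHost` let-binding repeats the literal that the new module already uses as the option default, so the value now lives in two places. If the `inherit retiredHost;` is only there to be explicit, a short comment saying so would help.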


@ -48,14 +48,15 @@
"dgn-console" "dgn-console"
"dgn-fail2ban" "dgn-fail2ban"
"dgn-hardware" "dgn-hardware"
"dgn-node-monitoring"
"dgn-notify"
"dgn-netbox-agent" "dgn-netbox-agent"
"dgn-network" "dgn-network"
"dgn-node-monitoring"
"dgn-notify"
"dgn-records" "dgn-records"
"dgn-redirections"
"dgn-ssh" "dgn-ssh"
"dgn-web"
"dgn-vm-variant" "dgn-vm-variant"
"dgn-web"
]) ])
++ [ ++ [
"${sources.agenix}/modules/age.nix" "${sources.agenix}/modules/age.nix"


@ -0,0 +1,64 @@
{ config, lib, ... }:
let
inherit (lib) mkOption;
inherit (lib.types) attrsOf listOf str;
mkRetired =
hosts:
builtins.listToAttrs (
builtins.map (name: {
inherit name;
value = {
enableACME = true;
forceSSL = true;
locations."/".return = "301 https://${cfg.retiredHost}/${name}";
};
}) hosts
);
mkRedirection = _: globalRedirect: {
inherit globalRedirect;
enableACME = true;
forceSSL = true;
};
cfg = config.dgn-redirections;
in
{
options.dgn-redirections = {
redirections = mkOption {
type = attrsOf str;
default = { };
description = ''
Attribute set of redirections, for:
{ a = b; },
a redirection from a to b will be made.
'';
};
retired = mkOption {
type = listOf str;
default = [ ];
description = ''
List of retired domains, they will we redirected to `retired.dgnum.eu/$host`.
'';
};
retiredHost = mkOption {
type = str;
default = "retired.dgnum.eu";
description = ''
Host used for the redirections of retired services.
'';
};
};
config = {
services.nginx.virtualHosts =
(builtins.mapAttrs mkRedirection cfg.redirections) // (mkRetired cfg.retired);
};
}
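Review bot: `retired` and `retiredHost` are typed as plain `str` but are spliced unescaped into the nginx `return` directive in `mkRetired` (`"301 https://${cfg.retiredHost}/${name}"`), so a value containing whitespace or `;` would alter the generated configuration instead of failing evaluation. The values are operator-set, so this is hardening rather than a live bug, but a stricter type catches typos at evaluation time: `type = listOf (lib.types.strMatching "[a-z0-9.-]+");` for `retired`, and the same pattern for `retiredHost`. The `retired` description also still names `retired.dgnum.eu` literally although the host is now configurable, and it reads "will we redirected". I would reword it to say the domains will be redirected to the configured `retiredHost`, with the retired domain as the path.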