From e03a3f16f8e395b637da4d2dd75712bb270fc3f0 Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Sat, 5 Mar 2022 23:16:54 +0100
Subject: [PATCH] public-cof: add monitoring, deploy home.beta.rz.ens.wtf properly
---
 krops.nix | 2 +-
 machines/public-cof/configuration.nix | 1 +
 machines/public-cof/monitoring.nix | 30 +++++++++++++++++++++++++++
 machines/public-cof/networking.nix | 6 +++++-
 machines/public-cof/nginx.nix | 23 +++++++++++++++++---
 5 files changed, 57 insertions(+), 5 deletions(-)
 create mode 100644 machines/public-cof/monitoring.nix
diff --git a/krops.nix b/krops.nix
index 24f6566..01ee420 100644
--- a/krops.nix
+++ b/krops.nix
@@ -31,5 +31,5 @@ let
 in {}
 // mkDeploy "core-services-01" "root@10.1.1.20"
 // mkDeploy "remote-builder-01" "root@nix01.builders.rz.ens.wtf"
-// mkDeploy "public-cof" "root@minecraft.beta.rz.ens.wtf"
+// mkDeploy "public-cof" "root@beta.rz.ens.wtf"
 // mkTestsConfig [ "core-services-01" "remote-builder-01" "public-cof" ]
diff --git a/machines/public-cof/configuration.nix b/machines/public-cof/configuration.nix
index d9ce6e5..ef33c32 100644
--- a/machines/public-cof/configuration.nix
+++ b/machines/public-cof/configuration.nix
@@ -8,6 +8,7 @@
 ./system.nix
 ./acme.nix
 ./networking.nix
+ ./monitoring.nix
 ./nextcloud.nix
 ./minecraft.nix
 ./nur.nix
diff --git a/machines/public-cof/monitoring.nix b/machines/public-cof/monitoring.nix
new file mode 100644
index 0000000..0f4751f
--- /dev/null
+++ b/machines/public-cof/monitoring.nix
@@ -0,0 +1,30 @@
+{ config, ... }:
+{
+ services.netdata = {
+ enable = true;
+ config = {
+ global."memory mode" = "none";
+ web = {
+ mode = "none";
+ "accept a streaming request every seconds" = 0;
+ };
+ };
+ };
+
+ systemd.services.netdata.restartTriggers = map (v: config.environment.etc."netdata/${v}.conf".source) [
+ "stream"
+ ];
+
+
+ environment.etc."netdata/stream.conf" = {
+ user = "netdata";
+ group = "netdata";
+ mode = "0600";
+ text = ''
+ [stream]
+ enabled = yes
+ destination = 10.1.1.20:19999
+ api key = c48e6ef1-5cdf-408d-ae2f-86aadb14e3fe
+ '';
+ };
+}
diff --git a/machines/public-cof/networking.nix b/machines/public-cof/networking.nix
index 9fc556f..ff648e5 100644
--- a/machines/public-cof/networking.nix
+++ b/machines/public-cof/networking.nix
@@ -24,7 +24,11 @@ in {
 }];
 };
 interfaces.ens19 = {
- useDHCP = true;
+ useDHCP = false;
+ ipv4.addresses = [{
+ address = "10.1.1.21";
+ prefixLength = 22;
+ }];
 };
 interfaces.ens20 = {
diff --git a/machines/public-cof/nginx.nix b/machines/public-cof/nginx.nix
index f5c3134..be7ef3b 100644
--- a/machines/public-cof/nginx.nix
+++ b/machines/public-cof/nginx.nix
@@ -1,16 +1,32 @@
 { ... }:
+let
+ mkCloudLocation = { from, cloudHost }: {
+ name = "/cal/${from}";
+ value = {
+ extraConfig = ''
+ proxy_pass https://${cloudHost}/remote.php/dav/public-calendars/;
+ proxy_set_header Host ${cloudHost};
+ '';
+ };
+ };
+ clouds = [
+ { from = "klub-reseau"; cloudHost = "nuage.beta.rz.ens.wtf"; }
+ { from = "eleves-ens"; cloudHost = "cloud.eleves.ens.fr"; }
+ ];
+in
 {
 services.nginx = {
 enable = true;
+ resolver = {
+ addresses = [ "1.1.1.1" ];
+ };
+ recommendedGzipSettings = true;
 recommendedOptimisation = true;
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
- # # Only allow PFS-enabled ciphers with AES256
- # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-
 virtualHosts = {
 "home.beta.rz.ens.wtf" = {
 serverAliases = [ "beta.rz.ens.wtf" ];
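Review bot: The `api key` line inside `environment.etc."netdata/stream.conf".text` in machines/public-cof/monitoring.nix commits the streaming credential in clear text, and because the file is generated from `text` the same content also lands in the Nix store, which every local user can read, so `mode = "0600"` protects only the copy under /etc. Rotate this key and have stream.conf delivered at deploy time by a secret mechanism to a path outside /nix/store, keeping only non-secret settings in this module. The `destination = 10.1.1.20:19999` line also carries no `:SSL` suffix, so the key and the metrics travel unencrypted; if that is accepted for this internal link, record it in a comment such as `# plaintext stream, internal network only`.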
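Review bot: In machines/public-cof/nginx.nix, the `proxy_pass https://${cloudHost}/remote.php/dav/public-calendars/;` line built by `mkCloudLocation` connects to the upstream without authenticating it, because nginx leaves `proxy_ssl_verify` off and sends no SNI unless configured to. This matters most for `cloud.eleves.ens.fr`, which by its name appears to be a host outside this deployment; adding `proxy_ssl_server_name on;`, `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;` to `extraConfig` would make the proxy check the certificate. The location key `/cal/${from}` also has no trailing slash while the proxy_pass URI has one, so any path that merely begins with that prefix is forwarded; `name = "/cal/${from}/";` is the tighter match.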
@@ -18,6 +34,7 @@
 forceSSL = true;
 enableACME = true;
 root = "/var/public-cof/home";
+ locations = builtins.listToAttrs (map mkCloudLocation clouds);
 };
 };
 };