public-cof: add monitoring, deploy home.beta.rz.ens.wtf properly

Raito Bezarius 2022-03-05 23:16:54 +01:00
parent e1e8401160
commit e03a3f16f8
5 changed files with 57 additions and 5 deletions


@ -31,5 +31,5 @@ let
in {} in {}
// mkDeploy "core-services-01" "root@10.1.1.20" // mkDeploy "core-services-01" "root@10.1.1.20"
// mkDeploy "remote-builder-01" "root@nix01.builders.rz.ens.wtf" // mkDeploy "remote-builder-01" "root@nix01.builders.rz.ens.wtf"
// mkDeploy "public-cof" "root@minecraft.beta.rz.ens.wtf" // mkDeploy "public-cof" "root@beta.rz.ens.wtf"
// mkTestsConfig [ "core-services-01" "remote-builder-01" "public-cof" ] // mkTestsConfig [ "core-services-01" "remote-builder-01" "public-cof" ]


@ -8,6 +8,7 @@
./system.nix ./system.nix
./acme.nix ./acme.nix
./networking.nix ./networking.nix
./monitoring.nix
./nextcloud.nix ./nextcloud.nix
./minecraft.nix ./minecraft.nix
./nur.nix ./nur.nix


@ -0,0 +1,30 @@
{ config, ... }:
{
services.netdata = {
enable = true;
config = {
global."memory mode" = "none";
web = {
mode = "none";
"accept a streaming request every seconds" = 0;
};
};
};
systemd.services.netdata.restartTriggers = map (v: config.environment.etc."netdata/${v}.conf".source) [
"stream"
];
environment.etc."netdata/stream.conf" = {
user = "netdata";
group = "netdata";
mode = "0600";
text = ''
[stream]
enabled = yes
destination = 10.1.1.20:19999
api key = c48e6ef1-5cdf-408d-ae2f-86aadb14e3fe
'';
};
}
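Review bot: The streaming `api key` in `environment.etc."netdata/stream.conf".text` is a literal, so it is committed to the repository and copied into the world-readable Nix store; `mode = "0600"` restricts only the file placed under /etc, not the store path it is generated from. Any local user on the host, and anyone who can read the repository or a cache holding this closure, can read the key. I would rotate it and provision stream.conf from a secret file kept outside the store (owner `netdata`, mode 0600), with only its path referenced here. The stream to `10.1.1.20:19999` also appears to be sent without TLS, so it is worth confirming that this network segment is trusted.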


@ -24,7 +24,11 @@ in {
}]; }];
}; };
interfaces.ens19 = { interfaces.ens19 = {
useDHCP = true; useDHCP = false;
ipv4.addresses = [{
address = "10.1.1.21";
prefixLength = 22;
}];
}; };
interfaces.ens20 = { interfaces.ens20 = {


@ -1,16 +1,32 @@
{ ... }: { ... }:
let
mkCloudLocation = { from, cloudHost }: {
name = "/cal/${from}";
value = {
extraConfig = ''
proxy_pass https://${cloudHost}/remote.php/dav/public-calendars/;
proxy_set_header Host ${cloudHost};
'';
};
};
clouds = [
{ from = "klub-reseau"; cloudHost = "nuage.beta.rz.ens.wtf"; }
{ from = "eleves-ens"; cloudHost = "cloud.eleves.ens.fr"; }
];
in
{ {
services.nginx = { services.nginx = {
enable = true; enable = true;
resolver = {
addresses = [ "1.1.1.1" ];
};
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
# # Only allow PFS-enabled ciphers with AES256
# sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts = { virtualHosts = {
"home.beta.rz.ens.wtf" = { "home.beta.rz.ens.wtf" = {
serverAliases = [ "beta.rz.ens.wtf" ]; serverAliases = [ "beta.rz.ens.wtf" ];
@ -18,6 +34,7 @@
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/var/public-cof/home"; root = "/var/public-cof/home";
locations = builtins.listToAttrs (map mkCloudLocation clouds);
}; };
}; };
}; };
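Review bot: The `proxy_pass https://${cloudHost}/...` emitted by `mkCloudLocation` does not verify the upstream certificate, because nginx leaves `proxy_ssl_verify` off by default and sends no SNI unless `proxy_ssl_server_name` is on. A spoofed DNS answer or a misrouted connection could then have foreign content served under home.beta.rz.ens.wtf, which matters most for the external `cloud.eleves.ens.fr` upstream. I would add to `extraConfig`: `proxy_ssl_server_name on;`, `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;`. Depending on the upstream's certificate chain, `proxy_ssl_verify_depth` may also need raising from its default, so test against both upstreams before deploying.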