public-cof: add monitoring, deploy home.beta.rz.ens.wtf properly

2022-03-05 23:16:54 +01:00 · 2022-03-05 23:16:54 +01:00 · e03a3f16f8
commit e03a3f16f8
parent e1e8401160
5 changed files with 57 additions and 5 deletions
--- a/krops.nix
+++ b/krops.nix
@ -31,5 +31,5 @@ let
 in {}
 // mkDeploy "core-services-01" "root@10.1.1.20"
 // mkDeploy "remote-builder-01" "root@nix01.builders.rz.ens.wtf"
-// mkDeploy "public-cof" "root@minecraft.beta.rz.ens.wtf"
+// mkDeploy "public-cof" "root@beta.rz.ens.wtf"
 // mkTestsConfig [ "core-services-01" "remote-builder-01" "public-cof" ]
--- a/machines/public-cof/configuration.nix
+++ b/machines/public-cof/configuration.nix
@ -8,6 +8,7 @@
      ./system.nix
      ./acme.nix
      ./networking.nix
+      ./monitoring.nix
      ./nextcloud.nix
      ./minecraft.nix
      ./nur.nix
--- a/machines/public-cof/monitoring.nix
+++ b/machines/public-cof/monitoring.nix
@ -0,0 +1,30 @@
+{ config, ... }:
+{
+  services.netdata = {
+    enable = true;
+    config = {
+      global."memory mode" = "none";
+      web = {
+        mode = "none";
+        "accept a streaming request every seconds" = 0;
+      };
+    };
+  };
+
+  systemd.services.netdata.restartTriggers = map (v: config.environment.etc."netdata/${v}.conf".source) [
+    "stream"
+  ];
+
+  
+  environment.etc."netdata/stream.conf" = {
+    user = "netdata";
+    group = "netdata";
+    mode = "0600";
+    text = ''
+      [stream]
+        enabled = yes
+        destination = 10.1.1.20:19999
+        api key = c48e6ef1-5cdf-408d-ae2f-86aadb14e3fe
+    '';
+  };
+}
--- a/machines/public-cof/networking.nix
+++ b/machines/public-cof/networking.nix
@ -24,7 +24,11 @@ in {
      }];
    };
    interfaces.ens19 = {
-      useDHCP = true;
+      useDHCP = false;
+      ipv4.addresses = [{
+        address = "10.1.1.21";
+        prefixLength = 22;
+      }];
    };

    interfaces.ens20 = {
--- a/machines/public-cof/nginx.nix
+++ b/machines/public-cof/nginx.nix
@ -1,16 +1,32 @@
 { ... }:
+let
+  mkCloudLocation = { from, cloudHost }: {
+    name = "/cal/${from}";
+    value = {
+      extraConfig = ''
+        proxy_pass https://${cloudHost}/remote.php/dav/public-calendars/;
+        proxy_set_header Host ${cloudHost};
+      '';
+    };
+  };
+  clouds = [
+    { from = "klub-reseau"; cloudHost = "nuage.beta.rz.ens.wtf"; }
+    { from = "eleves-ens"; cloudHost = "cloud.eleves.ens.fr"; }
+  ];
+in
 {
  services.nginx = {
    enable = true;

+    resolver = { 
+      addresses = [ "1.1.1.1" ];
+    };
+
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

-    # # Only allow PFS-enabled ciphers with AES256
-    # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-
    virtualHosts = {
      "home.beta.rz.ens.wtf" = {
        serverAliases = [ "beta.rz.ens.wtf" ];
@ -18,6 +34,7 @@
        forceSSL = true;
        enableACME = true;
        root = "/var/public-cof/home";
+        locations = builtins.listToAttrs (map mkCloudLocation clouds);
      };
    };
  };