feat(modules): Generalize redirections

2024-04-23 22:02:04 +02:00 · 2024-04-23 22:02:04 +02:00 · 3f928ce90b
commit 3f928ce90b
parent dd10a8e2fe
4 changed files with 143 additions and 103 deletions
--- a/machines/rescue01/uptime-kuma.nix
+++ b/machines/rescue01/uptime-kuma.nix
@ -1,17 +1,29 @@
 {
+  config,
  lib,
  nodes,
-  config,
  sources,
  ...
 }:
 let
+  inherit (lib)
+    concatLists
+    mapAttrsToList
+    mkForce
+    mkMerge
+    ;
+
  inherit (config.statelessUptimeKuma.lib)
    pingProbesFromHive
    fromHive
    httpProbesFromConfig
    probesWithTag
    ;
+
+  probesCfg = config.statelessUptimeKuma.probesConfig;
+
+  mkMonitors = name: builtins.attrNames (probesWithTag { inherit name; } probesCfg);
+
  host = "status.dgnum.eu";

  port = 3001;
@ -24,14 +36,15 @@ let
    "cdn.dgnum.eu"
    "saml-idp.dgnum.eu"
    "status.dgnum.eu"
-  ] ++ nodes.web01.config.dgn-redirections.retired;
+  ] ++ (concatLists (mapAttrsToList (_: { config, ... }: config.dgn-redirections.retired) nodes));

  extraProbes = {
    monitors = {
      "prometheus.dgnum.eu" = {
-        type = lib.mkForce "http";
+        type = mkForce "http";
        accepted_statuscodes = [ "401" ];
      };
+
      "api.meet.dgnum.eu" = {
        keyword = "Crab Fit API";
      };
@ -47,23 +60,17 @@ let
        {
          name = "Services";
          weight = 1;
-          monitorList = builtins.attrNames (
-            probesWithTag { name = "Service"; } config.statelessUptimeKuma.probesConfig
-          );
+          monitorList = mkMonitors "Service";
        }
        {
          name = "Serveurs";
          weight = 2;
-          monitorList = builtins.attrNames (
-            probesWithTag { name = "Ping"; } config.statelessUptimeKuma.probesConfig
-          );
+          monitorList = mkMonitors "Ping";
        }
        {
          name = "VPN Interne";
          weight = 2;
-          monitorList = builtins.attrNames (
-            probesWithTag { name = "VPN"; } config.statelessUptimeKuma.probesConfig
-          );
+          monitorList = mkMonitors "VPN";
        }
      ];
    };
@ -111,6 +118,7 @@ in
 {
  imports = [ (sources.stateless-uptime-kuma + "/nixos/module.nix") ];
  nixpkgs.overlays = [ (import (sources.stateless-uptime-kuma + "/overlay.nix")) ];
+
  services.uptime-kuma.enable = true;

  services.nginx = {
@ -132,17 +140,16 @@ in
  ];

  statelessUptimeKuma = {
-    probesConfig = lib.mkMerge [
+    probesConfig = mkMerge [
      pingProbes
      httpProbes
      extraProbes
      vpnProbes
      { inherit status_pages; }
    ];
-    extraFlags = [
-      "-v DEBUG"
-      "-s"
-    ];
+
+    extraFlags = [ "-s" ];
+
    host = "http://localhost:${builtins.toString port}/";
    username = "dgnum";
    passwordFile = config.age.secrets."stateless-uptime-kuma-password".path;
--- a/machines/web01/redirections.nix
+++ b/machines/web01/redirections.nix
@ -1,92 +1,60 @@
-{ lib, config, ... }:
+_:

 let
-  retired_host = "retired.dgnum.eu";
+  retiredHost = "retired.dgnum.eu";

-  mkRetired =
-    hosts:
-    builtins.listToAttrs (
-      builtins.map (name: {
-        inherit name;
-        value = {
-          enableACME = true;
-          forceSSL = true;
-          locations."/".return = "301 https://${retired_host}/${name}";
-        };
-      }) hosts
+  mkSubs =
+    attrs:
+    builtins.concatLists (
+      builtins.attrValues (builtins.mapAttrs (domain: builtins.map (s: "${s}.${domain}")) attrs)
    );
-
-  mkSub = domain: builtins.map (s: "${s}.${domain}");
-  mkSubs = attrs: builtins.concatLists (builtins.attrValues (builtins.mapAttrs mkSub attrs));
-
-  mkRedirection =
-    _:
-    { to }:
-    {
-      globalRedirect = to;
-      enableACME = true;
-      forceSSL = true;
-    };
-
-  cfg = config.dgn-redirections;
 in
-{
-  options.dgn-redirections = {
-    redirections = lib.mkOption {
-      type =
-        with lib.types;
-        attrsOf (submodule {
-          options.to = lib.mkOption { type = str; };
-        });
-      default = { };
-    };
-    retired = lib.mkOption {
-      type = with lib.types; listOf str;
-      default = [ ];
-    };
-  };
-  config = {
-    dgn-redirections = {
-      redirections = {
-        "calendrier.eleves.ens.fr".to = "calendrier.dgnum.eu";
-        "docs.beta.rz.ens.wtf".to = "pads.dgnum.eu";
-        "git.rz.ens.wtf".to = "git.dgnum.eu";
-        "notion.rz.ens.wtf".to = "docs.dgnum.eu";
-        "nuage.beta.rz.ens.wtf".to = "cloud.dgnum.eu";
-        "rdv.dgnum.eu".to = "meet.dgnum.eu";
-        "www.bda.ens.fr".to = "bda.ens.fr";
-        "bda.wp.dgnum.eu".to = "bda.ens.fr";
-        "www.tuteurs.ens.fr".to = "tuteurs.ens.fr";
-        "www.interq.ens.fr".to = "interq.ens.fr";
-        "www.lanuit.ens.fr".to = "lanuit.ens.fr";
-      };

-      retired = mkSubs {
-        "ens.fr" = [
-          "alevins"
-          "www.climatenavigator"
-        ];
-        "ens.wtf" = [ "photos" ];
-        "rz.ens.wtf" = [
-          "s3"
-          "cdn"
-        ];
-        "beta.rz.ens.wtf" = [
-          "todo"
-          "minecraft"
-          "factorio"
-          "home"
-          "pads"
-          "api.pads"
-          "files.pads"
-          "sandbox.pads"
-          "jurisprudens"
-          "rstudio"
-        ];
-      };
+{
+  dgn-redirections = {
+    inherit retiredHost;
+
+    redirections = {
+      "calendrier.eleves.ens.fr" = "calendrier.dgnum.eu";
+      "docs.beta.rz.ens.wtf" = "pads.dgnum.eu";
+      "git.rz.ens.wtf" = "git.dgnum.eu";
+      "notion.rz.ens.wtf" = "docs.dgnum.eu";
+      "nuage.beta.rz.ens.wtf" = "cloud.dgnum.eu";
+      "rdv.dgnum.eu" = "meet.dgnum.eu";
+      "www.bda.ens.fr" = "bda.ens.fr";
+      "bda.wp.dgnum.eu" = "bda.ens.fr";
+      "www.tuteurs.ens.fr" = "tuteurs.ens.fr";
+      "www.interq.ens.fr" = "interq.ens.fr";
+      "www.lanuit.ens.fr" = "lanuit.ens.fr";
+    };
+
+    retired = mkSubs {
+      "ens.fr" = [
+        "alevins"
+        "www.climatenavigator"
+      ];
+
+      "ens.wtf" = [ "photos" ];
+
+      "rz.ens.wtf" = [
+        "s3"
+        "cdn"
+      ];
+
+      "beta.rz.ens.wtf" = [
+        "todo"
+        "minecraft"
+        "factorio"
+        "home"
+        "pads"
+        "api.pads"
+        "files.pads"
+        "sandbox.pads"
+        "jurisprudens"
+        "rstudio"
+      ];
    };
-    services.nginx.virtualHosts = {
-      ${retired_host}.default = true;
-    } // (builtins.mapAttrs mkRedirection cfg.redirections) // (mkRetired cfg.retired);
  };
+
+  services.nginx.virtualHosts.${retiredHost}.default = true;
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@ -48,14 +48,15 @@
      "dgn-console"
      "dgn-fail2ban"
      "dgn-hardware"
-      "dgn-node-monitoring"
-      "dgn-notify"
      "dgn-netbox-agent"
      "dgn-network"
+      "dgn-node-monitoring"
+      "dgn-notify"
      "dgn-records"
+      "dgn-redirections"
      "dgn-ssh"
-      "dgn-web"
      "dgn-vm-variant"
+      "dgn-web"
    ])
    ++ [
      "${sources.agenix}/modules/age.nix"
--- a/modules/dgn-redirections/default.nix
+++ b/modules/dgn-redirections/default.nix
@ -0,0 +1,64 @@
+{ config, lib, ... }:
+
+let
+  inherit (lib) mkOption;
+
+  inherit (lib.types) attrsOf listOf str;
+
+  mkRetired =
+    hosts:
+    builtins.listToAttrs (
+      builtins.map (name: {
+        inherit name;
+        value = {
+          enableACME = true;
+          forceSSL = true;
+          locations."/".return = "301 https://${cfg.retiredHost}/${name}";
+        };
+      }) hosts
+    );
+
+  mkRedirection = _: globalRedirect: {
+    inherit globalRedirect;
+
+    enableACME = true;
+    forceSSL = true;
+  };
+
+  cfg = config.dgn-redirections;
+in
+
+{
+  options.dgn-redirections = {
+    redirections = mkOption {
+      type = attrsOf str;
+      default = { };
+      description = ''
+        Attribute set of redirections, for:
+        { a = b; },
+        a redirection from a to b will be made.
+      '';
+    };
+
+    retired = mkOption {
+      type = listOf str;
+      default = [ ];
+      description = ''
+        List of retired domains, they will we redirected to `retired.dgnum.eu/$host`.
+      '';
+    };
+
+    retiredHost = mkOption {
+      type = str;
+      default = "retired.dgnum.eu";
+      description = ''
+        Host used for the redirections of retired services.
+      '';
+    };
+  };
+
+  config = {
+    services.nginx.virtualHosts =
+      (builtins.mapAttrs mkRedirection cfg.redirections) // (mkRetired cfg.retired);
+  };
+}