cluster/services/websites: refactor and register blackbox check

2023-06-04 23:29:13 +02:00 · 2023-06-04 23:29:13 +02:00 · ad0a3f8cc2
commit ad0a3f8cc2
parent 7f9742089b
2 changed files with 45 additions and 40 deletions
--- a/cluster/services/websites/default.nix
+++ b/cluster/services/websites/default.nix
@ -1,10 +1,51 @@
+{ depot, lib, tools, ... }:
+
+let
+  inherit (tools.meta) domain;
+
+  importWebsites = expr: import expr {
+    tools = tools.nginx;
+    inherit (depot) packages;
+  };
+
+  websites = tools.nginx.mappers.mapSubdomains (importWebsites ./websites.nix);
+
+  acmeUseDNS = name: conf: {
+    name = conf.useACMEHost or conf.serverName or name;
+    value = {
+      dnsProvider = "pdns";
+      webroot = null;
+    };
+  };
+
+  isACME = _: conf: conf ? enableACME && conf.enableACME;
+in
+
 {
  services.websites = {
-    nodes = {
-      host = [ "checkmate" "thunderskin" "VEGAS" "prophet" ];
+    nodes.host = [ "checkmate" "thunderskin" "VEGAS" "prophet" ];
+    nixos.host = {
+      services.nginx.virtualHosts = websites;
+      security.acme.certs = lib.mapAttrs' acmeUseDNS (lib.filterAttrs isACME websites);
+      consul.services.nginx = {
+        mode = "external";
+        definition = {
+          name = "static-lb";
+          address = depot.reflection.interfaces.primary.addrPublic;
+          port = 443;
+          checks = lib.singleton {
+            interval = "60s";
+            tcp = "127.0.0.1:80";
+          };
+        };
+      };
    };
-    nixos = {
-      host = ./host.nix;
+  };
+
+  monitoring.blackbox.targets = {
+    web = {
+      address = "https://www.${domain}";
+      module = "https2xx";
    };
  };
 }
--- a/cluster/services/websites/host.nix
+++ b/cluster/services/websites/host.nix
@ -1,36 +0,0 @@
-{ depot, lib, tools, ... }:
-
-let
-  importWebsites = expr: import expr {
-    tools = tools.nginx;
-    inherit (depot) packages;
-  };
-
-  websites = tools.nginx.mappers.mapSubdomains (importWebsites ./websites.nix);
-
-  acmeUseDNS = name: conf: {
-    name = conf.useACMEHost or conf.serverName or name;
-    value = {
-      dnsProvider = "pdns";
-      webroot = null;
-    };
-  };
-
-  isACME = _: conf: conf ? enableACME && conf.enableACME;
-in {
-  services.nginx.virtualHosts = websites;
-  security.acme.certs = lib.mapAttrs' acmeUseDNS (lib.filterAttrs isACME websites);
-
-  consul.services.nginx = {
-    mode = "external";
-    definition = {
-      name = "static-lb";
-      address = depot.reflection.interfaces.primary.addrPublic;
-      port = 443;
-      checks = lib.singleton {
-        interval = "60s";
-        tcp = "127.0.0.1:80";
-      };
-    };
-  };
-}