cluster/services/websites: refactor and register blackbox check

This commit is contained in:
Max Headroom 2023-06-04 23:29:13 +02:00
parent 7f9742089b
commit ad0a3f8cc2
2 changed files with 45 additions and 40 deletions

View file

@ -1,10 +1,51 @@
{ depot, lib, tools, ... }:
let
inherit (tools.meta) domain;
importWebsites = expr: import expr {
tools = tools.nginx;
inherit (depot) packages;
};
websites = tools.nginx.mappers.mapSubdomains (importWebsites ./websites.nix);
acmeUseDNS = name: conf: {
name = conf.useACMEHost or conf.serverName or name;
value = {
dnsProvider = "pdns";
webroot = null;
};
};
isACME = _: conf: conf ? enableACME && conf.enableACME;
in
{
services.websites = {
nodes = {
host = [ "checkmate" "thunderskin" "VEGAS" "prophet" ];
nodes.host = [ "checkmate" "thunderskin" "VEGAS" "prophet" ];
nixos.host = {
services.nginx.virtualHosts = websites;
security.acme.certs = lib.mapAttrs' acmeUseDNS (lib.filterAttrs isACME websites);
consul.services.nginx = {
mode = "external";
definition = {
name = "static-lb";
address = depot.reflection.interfaces.primary.addrPublic;
port = 443;
checks = lib.singleton {
interval = "60s";
tcp = "127.0.0.1:80";
};
nixos = {
host = ./host.nix;
};
};
};
};
monitoring.blackbox.targets = {
web = {
address = "https://www.${domain}";
module = "https2xx";
};
};
}

View file

@ -1,36 +0,0 @@
{ depot, lib, tools, ... }:
let
importWebsites = expr: import expr {
tools = tools.nginx;
inherit (depot) packages;
};
websites = tools.nginx.mappers.mapSubdomains (importWebsites ./websites.nix);
acmeUseDNS = name: conf: {
name = conf.useACMEHost or conf.serverName or name;
value = {
dnsProvider = "pdns";
webroot = null;
};
};
isACME = _: conf: conf ? enableACME && conf.enableACME;
in {
services.nginx.virtualHosts = websites;
security.acme.certs = lib.mapAttrs' acmeUseDNS (lib.filterAttrs isACME websites);
consul.services.nginx = {
mode = "external";
definition = {
name = "static-lb";
address = depot.reflection.interfaces.primary.addrPublic;
port = 443;
checks = lib.singleton {
interval = "60s";
tcp = "127.0.0.1:80";
};
};
};
}