services: add ofborg, currently running rabbitmq only

2024-07-08 23:55:11 +02:00 · 2024-07-08 23:55:11 +02:00 · 7f46e5d9a4
parent 512cfdb43e
commit 7f46e5d9a4
4 changed files with 43 additions and 5 deletions
--- a/hosts/bagel-box/default.nix
+++ b/hosts/bagel-box/default.nix
@ -39,6 +39,8 @@

    hydra.enable = true;
    hydra.dbi = "dbi:Pg:dbname=hydra;user=hydra";
+
+    ofborg.enable = true;
  };

  security.acme.acceptTerms = true;
--- a/services/default.nix
+++ b/services/default.nix
@ -1,9 +1,10 @@
 {
  imports = [
-    ./hydra
-    ./postgres
-    ./netbox
    ./gerrit
+    ./hydra
    ./monitoring
+    ./netbox
+    ./ofborg
+    ./postgres
  ];
 }
--- a/services/ofborg/default.nix
+++ b/services/ofborg/default.nix
@ -0,0 +1,35 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.bagel.services.ofborg;
+
+  amqpHost = "amqp.forkos.org";
+  amqpPort = 5671;
+in {
+  options.bagel.services.ofborg = with lib; {
+    enable = mkEnableOption "ofborg coordinator";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.rabbitmq = {
+      enable = true;
+      configItems = {
+        "listeners.tcp" = "none";
+        "listeners.ssl.default" = builtins.toString amqpPort;
+
+        "ssl_options.certfile" = "${config.security.acme.certs.${amqpHost}.directory}/cert.pem";
+        "ssl_options.keyfile" = "${config.security.acme.certs.${amqpHost}.directory}/key.pem";
+      };
+    };
+
+    security.acme.certs.${amqpHost} = {
+      webroot = "/var/lib/acme/.challenges";
+      group = "rabbitmq";
+    };
+    services.nginx.virtualHosts.${amqpHost}.locations."/.well-known/acme-challenge".root =
+      "/var/lib/acme/.challenges";
+    systemd.services.rabbitmq.requires = ["acme-finished-${amqpHost}.target"];
+
+    networking.firewall.allowedTCPPorts = [ amqpPort ];
+  };
+}
--- a/terraform/gandi.nix
+++ b/terraform/gandi.nix
@ -61,9 +61,9 @@ in
      (record "fodwatch.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::30"])
      (record "meta01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])

-      (record "hydra" 3600 "CNAME" ["bagel-box.infra"])
-
+      (record "amqp" 3600 "CNAME" ["bagel-box.infra"])
      (record "grafana" 3600 "CNAME" ["meta01.infra"])
+      (record "hydra" 3600 "CNAME" ["bagel-box.infra"])
      (record "loki" 3600 "CNAME" ["meta01.infra"])
      (record "mimir" 3600 "CNAME" ["meta01.infra"])
      (record "matrix" 3600 "CNAME" ["meta01.infra"])