diff --git a/hosts/bagel-box/default.nix b/hosts/bagel-box/default.nix
index 8c45c61..232dd13 100644
--- a/hosts/bagel-box/default.nix
+++ b/hosts/bagel-box/default.nix
@@ -39,6 +39,8 @@
 hydra.enable = true;
 hydra.dbi = "dbi:Pg:dbname=hydra;user=hydra";
+
+ ofborg.enable = true;
 };
 security.acme.acceptTerms = true;
diff --git a/services/default.nix b/services/default.nix
index 0f0954d..a377c97 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -1,9 +1,10 @@
 {
 imports = [
- ./hydra
- ./postgres
- ./netbox
 ./gerrit
+ ./hydra
 ./monitoring
+ ./netbox
+ ./ofborg
+ ./postgres
 ];
 }
diff --git a/services/ofborg/default.nix b/services/ofborg/default.nix
new file mode 100644
index 0000000..b8f8341
--- /dev/null
+++ b/services/ofborg/default.nix
@@ -0,0 +1,35 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.bagel.services.ofborg;
+
+ amqpHost = "amqp.forkos.org";
+ amqpPort = 5671;
+in {
+ options.bagel.services.ofborg = with lib; {
+ enable = mkEnableOption "ofborg coordinator";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.rabbitmq = {
+ enable = true;
+ configItems = {
+ "listeners.tcp" = "none";
+ "listeners.ssl.default" = builtins.toString amqpPort;
+
+ "ssl_options.certfile" = "${config.security.acme.certs.${amqpHost}.directory}/cert.pem";
+ "ssl_options.keyfile" = "${config.security.acme.certs.${amqpHost}.directory}/key.pem";
+ };
+ };
+
+ security.acme.certs.${amqpHost} = {
+ webroot = "/var/lib/acme/.challenges";
+ group = "rabbitmq";
+ };
+ services.nginx.virtualHosts.${amqpHost}.locations."/.well-known/acme-challenge".root =
+ "/var/lib/acme/.challenges";
+ systemd.services.rabbitmq.requires = ["acme-finished-${amqpHost}.target"];
+
+ networking.firewall.allowedTCPPorts = [ amqpPort ];
+ };
+}
diff --git a/terraform/gandi.nix b/terraform/gandi.nix
index c3ee37d..52c3640 100644
--- a/terraform/gandi.nix
+++ b/terraform/gandi.nix
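Review bot: `ssl_options.certfile` in the new services/ofborg/default.nix points RabbitMQ at the ACME `cert.pem`, which contains only the leaf certificate, so the broker will not present the intermediate chain and remote workers validating against the system trust store are likely to fail the handshake — which in practice invites someone to switch verification off on the client side. The usual fix is `"ssl_options.certfile" = "${config.security.acme.certs.${amqpHost}.directory}/fullchain.pem";` (or additionally set `"ssl_options.cacertfile"` to the directory's `chain.pem`). Two smaller points in the same hunk: `systemd.services.rabbitmq.requires` pulls in the `acme-finished-*` target but without a matching `after = [ "acme-finished-${amqpHost}.target" ];` systemd does not order the start, so the first boot can race certificate issuance; and the cert block sets no `reloadServices = [ "rabbitmq.service" ];`, so after a renewal the broker keeps serving the old certificate until it happens to be restarted. Nothing in the hunk defines RabbitMQ users or vhosts, so the credentials the remote ofborg workers use presumably live elsewhere — worth confirming that the default `guest` account stays loopback-only now that port 5671 is opened in the firewall on all interfaces.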
@@ -61,9 +61,9 @@ in
 (record "fodwatch.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::30"])
 (record "meta01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
- (record "hydra" 3600 "CNAME" ["bagel-box.infra"])
-
+ (record "amqp" 3600 "CNAME" ["bagel-box.infra"])
 (record "grafana" 3600 "CNAME" ["meta01.infra"])
+ (record "hydra" 3600 "CNAME" ["bagel-box.infra"])
 (record "loki" 3600 "CNAME" ["meta01.infra"])
 (record "mimir" 3600 "CNAME" ["meta01.infra"])
 (record "matrix" 3600 "CNAME" ["meta01.infra"])