services: add ofborg, currently running rabbitmq only
This commit is contained in:
parent
512cfdb43e
commit
7f46e5d9a4
|
@ -39,6 +39,8 @@
|
||||||
|
|
||||||
hydra.enable = true;
|
hydra.enable = true;
|
||||||
hydra.dbi = "dbi:Pg:dbname=hydra;user=hydra";
|
hydra.dbi = "dbi:Pg:dbname=hydra;user=hydra";
|
||||||
|
|
||||||
|
ofborg.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hydra
|
|
||||||
./postgres
|
|
||||||
./netbox
|
|
||||||
./gerrit
|
./gerrit
|
||||||
|
./hydra
|
||||||
./monitoring
|
./monitoring
|
||||||
|
./netbox
|
||||||
|
./ofborg
|
||||||
|
./postgres
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
35
services/ofborg/default.nix
Normal file
35
services/ofborg/default.nix
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.bagel.services.ofborg;
|
||||||
|
|
||||||
|
amqpHost = "amqp.forkos.org";
|
||||||
|
amqpPort = 5671;
|
||||||
|
in {
|
||||||
|
options.bagel.services.ofborg = with lib; {
|
||||||
|
enable = mkEnableOption "ofborg coordinator";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
services.rabbitmq = {
|
||||||
|
enable = true;
|
||||||
|
configItems = {
|
||||||
|
"listeners.tcp" = "none";
|
||||||
|
"listeners.ssl.default" = builtins.toString amqpPort;
|
||||||
|
|
||||||
|
"ssl_options.certfile" = "${config.security.acme.certs.${amqpHost}.directory}/cert.pem";
|
||||||
|
"ssl_options.keyfile" = "${config.security.acme.certs.${amqpHost}.directory}/key.pem";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
security.acme.certs.${amqpHost} = {
|
||||||
|
webroot = "/var/lib/acme/.challenges";
|
||||||
|
group = "rabbitmq";
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts.${amqpHost}.locations."/.well-known/acme-challenge".root =
|
||||||
|
"/var/lib/acme/.challenges";
|
||||||
|
systemd.services.rabbitmq.requires = ["acme-finished-${amqpHost}.target"];
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ amqpPort ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -61,9 +61,9 @@ in
|
||||||
(record "fodwatch.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::30"])
|
(record "fodwatch.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::30"])
|
||||||
(record "meta01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
|
(record "meta01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
|
||||||
|
|
||||||
(record "hydra" 3600 "CNAME" ["bagel-box.infra"])
|
(record "amqp" 3600 "CNAME" ["bagel-box.infra"])
|
||||||
|
|
||||||
(record "grafana" 3600 "CNAME" ["meta01.infra"])
|
(record "grafana" 3600 "CNAME" ["meta01.infra"])
|
||||||
|
(record "hydra" 3600 "CNAME" ["bagel-box.infra"])
|
||||||
(record "loki" 3600 "CNAME" ["meta01.infra"])
|
(record "loki" 3600 "CNAME" ["meta01.infra"])
|
||||||
(record "mimir" 3600 "CNAME" ["meta01.infra"])
|
(record "mimir" 3600 "CNAME" ["meta01.infra"])
|
||||||
(record "matrix" 3600 "CNAME" ["meta01.infra"])
|
(record "matrix" 3600 "CNAME" ["meta01.infra"])
|
||||||
|
|
Loading…
Reference in a new issue