mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

chore: test all aspects of influxdb provisioning (and fix minor issues)

Browse source
This commit is contained in:
oddlama 2023-08-14 22:59:21 +02:00
parent d771b7cd82
commit 6a14451033
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
3 changed files with 164 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

109
hosts/nom/default.nix
View file

@ -32,4 +32,113 @@
font = "ter-v28n"; font = "ter-v28n";
packages = [pkgs.terminus_font]; packages = [pkgs.terminus_font];
}; };
services.influxdb2 = {
enable = true;
settings = {
reporting-disabled = true;
http-bind-address = "localhost:8086";
};
initialSetup = {
enable = true;
organization = "servers";
bucket = "telegraf";
passwordFile = pkgs.writeText "tmp-pw" "ExAmPl3PA55W0rD";
tokenFile = pkgs.writeText "tmp-tok" "asroiuhoiuahnawo4unhasdorviuhngoiuhraoug";
};
deleteOrganizations = ["delorg"];
deleteBuckets = [
{
name = "delbucket";
org = "delorg";
}
];
deleteUsers = ["deluser"];
deleteRemotes = [
{
name = "delremote";
org = "delorg";
}
];
deleteReplications = [
{
name = "delreplication";
org = "delorg";
}
];
deleteApiTokens = [
{
name = "deltoken";
org = "delorg";
user = "deluser";
}
];
ensureOrganizations = [
{
name = "myorg";
description = "Myorg description";
}
#{
# name = "delorg";
#}
];
ensureBuckets = [
{
name = "mybucket";
org = "myorg";
description = "Mybucket description";
}
#{
# name = "delbucket";
# org = "delorg";
#}
];
ensureUsers = [
{
name = "myuser";
org = "myorg";
passwordFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga";
}
#{
# name = "deluser";
# org = "delorg";
# passwordFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga";
#}
];
#ensureRemotes = [
# {
# name = "delremote";
# org = "delorg";
# remoteUrl = "http://localhost:8087";
# remoteOrgId = "a1b2c3d4a1b2c3d4";
# remoteTokenFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga";
# }
#];
#ensureReplications = [
# {
# name = "delreplication";
# org = "delorg";
# remote = "delremote";
# localBucket = "delbucket";
# remoteBucket = "delbucket2";
# }
#];
ensureApiTokens = [
{
name = "mytoken";
org = "myorg";
user = "myuser";
readBuckets = ["mybucket"];
writeBuckets = ["mybucket"];
}
#{
# name = "deltoken";
# org = "delorg";
# user = "deluser";
# readBuckets = ["delbucket"];
# writeBuckets = ["delbucket"];
#}
];
};
} }

51
modules/meta/influxdb.nix
View file

@ -575,7 +575,7 @@ in {
${influxCli} auth list --json --org ${escapeShellArg apiToken.org} 2>/dev/null \ ${influxCli} auth list --json --org ${escapeShellArg apiToken.org} 2>/dev/null \
| ${getExe pkgs.jq} -r '.[] | select(.description | contains("${apiToken.id}")) | .id' | ${getExe pkgs.jq} -r '.[] | select(.description | contains("${apiToken.id}")) | .id'
) && [[ -n "$id" ]]; then ) && [[ -n "$id" ]]; then
${influxCli} auth delete --id "$id" &>/dev/null ${influxCli} auth delete --id "$id" >/dev/null
echo "Deleted api token id="${escapeShellArg apiToken.id} echo "Deleted api token id="${escapeShellArg apiToken.id}
fi fi
'') '')
@ -584,7 +584,7 @@ in {
${influxCli} replication list --json --org ${escapeShellArg replication.org} --name ${escapeShellArg replication.name} 2>/dev/null \ ${influxCli} replication list --json --org ${escapeShellArg replication.org} --name ${escapeShellArg replication.name} 2>/dev/null \
| ${getExe pkgs.jq} -r ".[0].id" | ${getExe pkgs.jq} -r ".[0].id"
); then ); then
${influxCli} replication delete --id "$id" &>/dev/null ${influxCli} replication delete --id "$id" >/dev/null
echo "Deleted replication org="${escapeShellArg replication.org}" name="${escapeShellArg replication.name} echo "Deleted replication org="${escapeShellArg replication.org}" name="${escapeShellArg replication.name}
fi fi
'') '')
@ -593,7 +593,7 @@ in {
${influxCli} remote list --json --org ${escapeShellArg remote.org} --name ${escapeShellArg remote.name} 2>/dev/null \ ${influxCli} remote list --json --org ${escapeShellArg remote.org} --name ${escapeShellArg remote.name} 2>/dev/null \
| ${getExe pkgs.jq} -r ".[0].id" | ${getExe pkgs.jq} -r ".[0].id"
); then ); then
${influxCli} remote delete --id "$id" &>/dev/null ${influxCli} remote delete --id "$id" >/dev/null
echo "Deleted remote org="${escapeShellArg remote.org}" name="${escapeShellArg remote.name} echo "Deleted remote org="${escapeShellArg remote.org}" name="${escapeShellArg remote.name}
fi fi
'') '')
@ -602,7 +602,7 @@ in {
${influxCli} user list --json --name ${escapeShellArg user} 2>/dev/null \ ${influxCli} user list --json --name ${escapeShellArg user} 2>/dev/null \
| ${getExe pkgs.jq} -r ".[0].id" | ${getExe pkgs.jq} -r ".[0].id"
); then ); then
${influxCli} user delete --id "$id" &>/dev/null ${influxCli} user delete --id "$id" >/dev/null
echo "Deleted user name="${escapeShellArg user} echo "Deleted user name="${escapeShellArg user}
fi fi
'') '')
@ -611,7 +611,7 @@ in {
${influxCli} bucket list --json --org ${escapeShellArg bucket.org} --name ${escapeShellArg bucket.name} 2>/dev/null \ ${influxCli} bucket list --json --org ${escapeShellArg bucket.org} --name ${escapeShellArg bucket.name} 2>/dev/null \
| ${getExe pkgs.jq} -r ".[0].id" | ${getExe pkgs.jq} -r ".[0].id"
); then ); then
${influxCli} bucket delete --id "$id" &>/dev/null ${influxCli} bucket delete --id "$id" >/dev/null
echo "Deleted bucket org="${escapeShellArg bucket.org}" name="${escapeShellArg bucket.name} echo "Deleted bucket org="${escapeShellArg bucket.org}" name="${escapeShellArg bucket.name}
fi fi
'') '')
@ -620,7 +620,7 @@ in {
${influxCli} org list --json --name ${escapeShellArg org} 2>/dev/null \ ${influxCli} org list --json --name ${escapeShellArg org} 2>/dev/null \
| ${getExe pkgs.jq} -r ".[0].id" | ${getExe pkgs.jq} -r ".[0].id"
); then ); then
${influxCli} org delete --id "$id" &>/dev/null ${influxCli} org delete --id "$id" >/dev/null
echo "Deleted org name="${escapeShellArg org} echo "Deleted org name="${escapeShellArg org}
fi fi
'') '')
@ -639,9 +639,9 @@ in {
${influxCli} org list --json ${escapeShellArgs listArgs} 2>/dev/null \ ${influxCli} org list --json ${escapeShellArgs listArgs} 2>/dev/null \
| ${getExe pkgs.jq} -r ".[0].id" | ${getExe pkgs.jq} -r ".[0].id"
); then ); then
${influxCli} org update --id "$id" ${escapeShellArgs updateArgs} &>/dev/null ${influxCli} org update --id "$id" ${escapeShellArgs updateArgs} >/dev/null
else else
${influxCli} org create ${escapeShellArgs createArgs} &>/dev/null ${influxCli} org create ${escapeShellArgs createArgs} >/dev/null
echo "Created org name="${escapeShellArg org.name} echo "Created org name="${escapeShellArg org.name}
fi fi
'') '')
@ -667,9 +667,9 @@ in {
${influxCli} bucket list --json ${escapeShellArgs listArgs} 2>/dev/null \ ${influxCli} bucket list --json ${escapeShellArgs listArgs} 2>/dev/null \
| ${getExe pkgs.jq} -r ".[0].id" | ${getExe pkgs.jq} -r ".[0].id"
); then ); then
${influxCli} bucket update --id "$id" ${escapeShellArgs updateArgs} &>/dev/null ${influxCli} bucket update --id "$id" ${escapeShellArgs updateArgs} >/dev/null
else else
${influxCli} bucket create ${escapeShellArgs createArgs} &>/dev/null ${influxCli} bucket create ${escapeShellArgs createArgs} >/dev/null
echo "Created bucket org="${escapeShellArg bucket.org}" name="${escapeShellArg bucket.name} echo "Created bucket org="${escapeShellArg bucket.org}" name="${escapeShellArg bucket.name}
fi fi
'') '')
@ -692,13 +692,13 @@ in {
); then ); then
true # No updateable args true # No updateable args
else else
${influxCli} user create ${escapeShellArgs createArgs} &>/dev/null ${influxCli} user create ${escapeShellArgs createArgs} >/dev/null
echo "Created user name="${escapeShellArg user.name} echo "Created user name="${escapeShellArg user.name}
fi fi
'' ''
+ optionalString (user.passwordFile != null) '' + optionalString (user.passwordFile != null) ''
${influxCli} user password ${escapeShellArgs listArgs} \ ${influxCli} user password ${escapeShellArgs listArgs} \
--password "$(< ${escapeShellArg user.passwordFile})" &>/dev/null --password "$(< ${escapeShellArg user.passwordFile})" >/dev/null
'') '')
+ flip concatMapStrings cfg.ensureRemotes (remote: let + flip concatMapStrings cfg.ensureRemotes (remote: let
listArgs = [ listArgs = [
@ -726,7 +726,7 @@ in {
${influxCli} remote list --json ${escapeShellArgs listArgs} 2>/dev/null \ ${influxCli} remote list --json ${escapeShellArgs listArgs} 2>/dev/null \
| ${getExe pkgs.jq} -r ".[0].id" | ${getExe pkgs.jq} -r ".[0].id"
); then ); then
${influxCli} remote update --id "$id" ${escapeShellArgs updateArgs} &>/dev/null \ ${influxCli} remote update --id "$id" ${escapeShellArgs updateArgs} >/dev/null \
--remote-api-token "$(< ${escapeShellArg remote.remoteTokenFile})" --remote-api-token "$(< ${escapeShellArg remote.remoteTokenFile})"
else else
extraArgs=() extraArgs=()
@ -735,12 +735,12 @@ in {
${influxCli} org list --json \ ${influxCli} org list --json \
--host ${escapeShellArg remote.remoteUrl} \ --host ${escapeShellArg remote.remoteUrl} \
--token "$(< ${escapeShellArg remote.remoteTokenFile})" \ --token "$(< ${escapeShellArg remote.remoteTokenFile})" \
--name ${escapeShellArg remote.remoteOrg} 2>/dev/null \ --name ${escapeShellArg remote.remoteOrg} \
| ${getExe pkgs.jq} -r ".[0].id" | ${getExe pkgs.jq} -r ".[0].id"
) )
extraArgs+=("--remote-org-id" "$remote_org_id") extraArgs+=("--remote-org-id" "$remote_org_id")
''} ''}
${influxCli} remote create ${escapeShellArgs createArgs} &>/dev/null \ ${influxCli} remote create ${escapeShellArgs createArgs} >/dev/null \
--remote-api-token "$(< ${escapeShellArg remote.remoteTokenFile})" \ --remote-api-token "$(< ${escapeShellArg remote.remoteTokenFile})" \
"''${extraArgs[@]}" "''${extraArgs[@]}"
echo "Created remote org="${escapeShellArg remote.org}" name="${escapeShellArg remote.name} echo "Created remote org="${escapeShellArg remote.org}" name="${escapeShellArg remote.name}
@ -756,8 +756,6 @@ in {
createArgs = createArgs =
listArgs listArgs
++ [ ++ [
"--local-bucket"
replication.localBucket
"--remote-bucket" "--remote-bucket"
replication.remoteBucket replication.remoteBucket
]; ];
@ -769,11 +767,16 @@ in {
true # No updateable args true # No updateable args
else else
remote_id=$( remote_id=$(
${influxCli} remote list --json --name ${escapeShellArg replication.remote} 2>/dev/null \ ${influxCli} remote list --json --org ${escapeShellArg replication.org} --name ${escapeShellArg replication.remote} \
| ${getExe pkgs.jq} -r ".[0].id" | ${getExe pkgs.jq} -r ".[0].id"
) )
${influxCli} replication create ${escapeShellArgs createArgs} &>/dev/null \ local_bucket_id=$(
--remote-id "$remote_id" ${influxCli} bucket list --json --org ${escapeShellArg replication.org} --name ${escapeShellArg replication.localBucket} \
| ${getExe pkgs.jq} -r ".[0].id"
)
${influxCli} replication create ${escapeShellArgs createArgs} >/dev/null \
--remote-id "$remote_id" \
--local-bucket-id "$local_bucket_id"
echo "Created replication org="${escapeShellArg replication.org}" name="${escapeShellArg replication.name} echo "Created replication org="${escapeShellArg replication.org}" name="${escapeShellArg replication.name}
fi fi
'') '')
@ -796,15 +799,15 @@ in {
++ map (x: "--write-${x}") apiToken.writePermissions; ++ map (x: "--write-${x}") apiToken.writePermissions;
in '' in ''
if id=$( if id=$(
${influxCli} apiToken list --json ${escapeShellArgs listArgs} 2>/dev/null \ ${influxCli} auth list --json --org ${escapeShellArg apiToken.org} 2>/dev/null \
| ${getExe pkgs.jq} -r ".[0].id" | ${getExe pkgs.jq} -r '.[] | select(.description | contains("${apiToken.id}")) | .id'
); then ); then
true # No updateable args true # No updateable args
else else
declare -A bucketIds declare -A bucketIds
${flip concatMapStrings (unique (apiToken.readBuckets ++ apiToken.writeBuckets)) (bucket: '' ${flip concatMapStrings (unique (apiToken.readBuckets ++ apiToken.writeBuckets)) (bucket: ''
bucketIds[${escapeShellArg bucket}]=$( bucketIds[${escapeShellArg bucket}]=$(
${influxCli} bucket list --json --org ${escapeShellArg apiToken.org} --name ${escapeShellArg bucket} 2>/dev/null \ ${influxCli} bucket list --json --org ${escapeShellArg apiToken.org} --name ${escapeShellArg bucket} \
| ${getExe pkgs.jq} -r ".[0].id" | ${getExe pkgs.jq} -r ".[0].id"
) )
'')} '')}
@ -816,7 +819,7 @@ in {
"--write-bucket" "''${bucketIds[${escapeShellArg bucket}]}" "--write-bucket" "''${bucketIds[${escapeShellArg bucket}]}"
'')} '')}
) )
${influxCli} auth create ${escapeShellArgs createArgs} &>/dev/null \ ${influxCli} auth create ${escapeShellArgs createArgs} >/dev/null \
"''${extraArgs[@]}" "''${extraArgs[@]}"
echo "Created api token org="${escapeShellArg apiToken.org}" user="${escapeShellArg apiToken.user} echo "Created api token org="${escapeShellArg apiToken.org}" user="${escapeShellArg apiToken.user}
fi fi

28
modules/meta/kanidm.nix Normal file
View file

@ -0,0 +1,28 @@
{
config,
lib,
...
}: let
inherit
(lib)
assertMsg
filter
genAttrs
hasInfix
head
mdDoc
mkIf
mkOption
removeSuffix
types
;
in {
options.services.kanidm.provision = {
enable = mkEnableOption "provisioning of systems, groups and users";
systems = {
};
};
config = {
};
}