forked from mirrors_public/oddlama_nix-config
chore: test all aspects of influxdb provisioning (and fix minor issues)
parent
d771b7cd82
commit
6a14451033
3 changed files with 164 additions and 24 deletions
|
@ -32,4 +32,113 @@
|
|||
font = "ter-v28n";
|
||||
packages = [pkgs.terminus_font];
|
||||
};
|
||||
|
||||
services.influxdb2 = {
|
||||
enable = true;
|
||||
settings = {
|
||||
reporting-disabled = true;
|
||||
http-bind-address = "localhost:8086";
|
||||
};
|
||||
initialSetup = {
|
||||
enable = true;
|
||||
organization = "servers";
|
||||
bucket = "telegraf";
|
||||
|
||||
passwordFile = pkgs.writeText "tmp-pw" "ExAmPl3PA55W0rD";
|
||||
tokenFile = pkgs.writeText "tmp-tok" "asroiuhoiuahnawo4unhasdorviuhngoiuhraoug";
|
||||
};
|
||||
deleteOrganizations = ["delorg"];
|
||||
deleteBuckets = [
|
||||
{
|
||||
name = "delbucket";
|
||||
org = "delorg";
|
||||
}
|
||||
];
|
||||
deleteUsers = ["deluser"];
|
||||
deleteRemotes = [
|
||||
{
|
||||
name = "delremote";
|
||||
org = "delorg";
|
||||
}
|
||||
];
|
||||
deleteReplications = [
|
||||
{
|
||||
name = "delreplication";
|
||||
org = "delorg";
|
||||
}
|
||||
];
|
||||
deleteApiTokens = [
|
||||
{
|
||||
name = "deltoken";
|
||||
org = "delorg";
|
||||
user = "deluser";
|
||||
}
|
||||
];
|
||||
ensureOrganizations = [
|
||||
{
|
||||
name = "myorg";
|
||||
description = "Myorg description";
|
||||
}
|
||||
#{
|
||||
# name = "delorg";
|
||||
#}
|
||||
];
|
||||
ensureBuckets = [
|
||||
{
|
||||
name = "mybucket";
|
||||
org = "myorg";
|
||||
description = "Mybucket description";
|
||||
}
|
||||
#{
|
||||
# name = "delbucket";
|
||||
# org = "delorg";
|
||||
#}
|
||||
];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "myuser";
|
||||
org = "myorg";
|
||||
passwordFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga";
|
||||
}
|
||||
#{
|
||||
# name = "deluser";
|
||||
# org = "delorg";
|
||||
# passwordFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga";
|
||||
#}
|
||||
];
|
||||
#ensureRemotes = [
|
||||
# {
|
||||
# name = "delremote";
|
||||
# org = "delorg";
|
||||
# remoteUrl = "http://localhost:8087";
|
||||
# remoteOrgId = "a1b2c3d4a1b2c3d4";
|
||||
# remoteTokenFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga";
|
||||
# }
|
||||
#];
|
||||
#ensureReplications = [
|
||||
# {
|
||||
# name = "delreplication";
|
||||
# org = "delorg";
|
||||
# remote = "delremote";
|
||||
# localBucket = "delbucket";
|
||||
# remoteBucket = "delbucket2";
|
||||
# }
|
||||
#];
|
||||
ensureApiTokens = [
|
||||
{
|
||||
name = "mytoken";
|
||||
org = "myorg";
|
||||
user = "myuser";
|
||||
readBuckets = ["mybucket"];
|
||||
writeBuckets = ["mybucket"];
|
||||
}
|
||||
#{
|
||||
# name = "deltoken";
|
||||
# org = "delorg";
|
||||
# user = "deluser";
|
||||
# readBuckets = ["delbucket"];
|
||||
# writeBuckets = ["delbucket"];
|
||||
#}
|
||||
];
|
||||
};
|
||||
}
|
||||
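Review bot: The `passwordFile` and `tokenFile` values under `initialSetup` and `ensureUsers` are built with `pkgs.writeText`, which copies the literal admin password and initial token into the Nix store, where any local user can read them and where they travel with every copy of the system closure. That is acceptable only for a throwaway test. If this block is meant to stay on a real host, point these options at a runtime secret path readable only by the service, and until then mark the lines, e.g. `# TEST ONLY: writeText puts this secret in the world-readable /nix/store; replace with a runtime secret path before deploying`. The same applies to the commented-out `remoteTokenFile`. The file header of this section is not visible on the page, so which host configuration this lands in cannot be confirmed from here.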
|
|
|
@ -575,7 +575,7 @@ in {
|
|||
${influxCli} auth list --json --org ${escapeShellArg apiToken.org} 2>/dev/null \
|
||||
| ${getExe pkgs.jq} -r '.[] | select(.description | contains("${apiToken.id}")) | .id'
|
||||
) && [[ -n "$id" ]]; then
|
||||
${influxCli} auth delete --id "$id" &>/dev/null
|
||||
${influxCli} auth delete --id "$id" >/dev/null
|
||||
echo "Deleted api token id="${escapeShellArg apiToken.id}
|
||||
fi
|
||||
'')
|
||||
|
@ -584,7 +584,7 @@ in {
|
|||
${influxCli} replication list --json --org ${escapeShellArg replication.org} --name ${escapeShellArg replication.name} 2>/dev/null \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
); then
|
||||
${influxCli} replication delete --id "$id" &>/dev/null
|
||||
${influxCli} replication delete --id "$id" >/dev/null
|
||||
echo "Deleted replication org="${escapeShellArg replication.org}" name="${escapeShellArg replication.name}
|
||||
fi
|
||||
'')
|
||||
|
@ -593,7 +593,7 @@ in {
|
|||
${influxCli} remote list --json --org ${escapeShellArg remote.org} --name ${escapeShellArg remote.name} 2>/dev/null \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
); then
|
||||
${influxCli} remote delete --id "$id" &>/dev/null
|
||||
${influxCli} remote delete --id "$id" >/dev/null
|
||||
echo "Deleted remote org="${escapeShellArg remote.org}" name="${escapeShellArg remote.name}
|
||||
fi
|
||||
'')
|
||||
|
@ -602,7 +602,7 @@ in {
|
|||
${influxCli} user list --json --name ${escapeShellArg user} 2>/dev/null \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
); then
|
||||
${influxCli} user delete --id "$id" &>/dev/null
|
||||
${influxCli} user delete --id "$id" >/dev/null
|
||||
echo "Deleted user name="${escapeShellArg user}
|
||||
fi
|
||||
'')
|
||||
|
@ -611,7 +611,7 @@ in {
|
|||
${influxCli} bucket list --json --org ${escapeShellArg bucket.org} --name ${escapeShellArg bucket.name} 2>/dev/null \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
); then
|
||||
${influxCli} bucket delete --id "$id" &>/dev/null
|
||||
${influxCli} bucket delete --id "$id" >/dev/null
|
||||
echo "Deleted bucket org="${escapeShellArg bucket.org}" name="${escapeShellArg bucket.name}
|
||||
fi
|
||||
'')
|
||||
|
@ -620,7 +620,7 @@ in {
|
|||
${influxCli} org list --json --name ${escapeShellArg org} 2>/dev/null \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
); then
|
||||
${influxCli} org delete --id "$id" &>/dev/null
|
||||
${influxCli} org delete --id "$id" >/dev/null
|
||||
echo "Deleted org name="${escapeShellArg org}
|
||||
fi
|
||||
'')
|
||||
|
@ -639,9 +639,9 @@ in {
|
|||
${influxCli} org list --json ${escapeShellArgs listArgs} 2>/dev/null \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
); then
|
||||
${influxCli} org update --id "$id" ${escapeShellArgs updateArgs} &>/dev/null
|
||||
${influxCli} org update --id "$id" ${escapeShellArgs updateArgs} >/dev/null
|
||||
else
|
||||
${influxCli} org create ${escapeShellArgs createArgs} &>/dev/null
|
||||
${influxCli} org create ${escapeShellArgs createArgs} >/dev/null
|
||||
echo "Created org name="${escapeShellArg org.name}
|
||||
fi
|
||||
'')
|
||||
|
@ -667,9 +667,9 @@ in {
|
|||
${influxCli} bucket list --json ${escapeShellArgs listArgs} 2>/dev/null \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
); then
|
||||
${influxCli} bucket update --id "$id" ${escapeShellArgs updateArgs} &>/dev/null
|
||||
${influxCli} bucket update --id "$id" ${escapeShellArgs updateArgs} >/dev/null
|
||||
else
|
||||
${influxCli} bucket create ${escapeShellArgs createArgs} &>/dev/null
|
||||
${influxCli} bucket create ${escapeShellArgs createArgs} >/dev/null
|
||||
echo "Created bucket org="${escapeShellArg bucket.org}" name="${escapeShellArg bucket.name}
|
||||
fi
|
||||
'')
|
||||
|
@ -692,13 +692,13 @@ in {
|
|||
); then
|
||||
true # No updateable args
|
||||
else
|
||||
${influxCli} user create ${escapeShellArgs createArgs} &>/dev/null
|
||||
${influxCli} user create ${escapeShellArgs createArgs} >/dev/null
|
||||
echo "Created user name="${escapeShellArg user.name}
|
||||
fi
|
||||
''
|
||||
+ optionalString (user.passwordFile != null) ''
|
||||
${influxCli} user password ${escapeShellArgs listArgs} \
|
||||
--password "$(< ${escapeShellArg user.passwordFile})" &>/dev/null
|
||||
--password "$(< ${escapeShellArg user.passwordFile})" >/dev/null
|
||||
'')
|
||||
+ flip concatMapStrings cfg.ensureRemotes (remote: let
|
||||
listArgs = [
|
||||
|
@ -726,7 +726,7 @@ in {
|
|||
${influxCli} remote list --json ${escapeShellArgs listArgs} 2>/dev/null \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
); then
|
||||
${influxCli} remote update --id "$id" ${escapeShellArgs updateArgs} &>/dev/null \
|
||||
${influxCli} remote update --id "$id" ${escapeShellArgs updateArgs} >/dev/null \
|
||||
--remote-api-token "$(< ${escapeShellArg remote.remoteTokenFile})"
|
||||
else
|
||||
extraArgs=()
|
||||
|
@ -735,12 +735,12 @@ in {
|
|||
${influxCli} org list --json \
|
||||
--host ${escapeShellArg remote.remoteUrl} \
|
||||
--token "$(< ${escapeShellArg remote.remoteTokenFile})" \
|
||||
--name ${escapeShellArg remote.remoteOrg} 2>/dev/null \
|
||||
--name ${escapeShellArg remote.remoteOrg} \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
)
|
||||
extraArgs+=("--remote-org-id" "$remote_org_id")
|
||||
''}
|
||||
${influxCli} remote create ${escapeShellArgs createArgs} &>/dev/null \
|
||||
${influxCli} remote create ${escapeShellArgs createArgs} >/dev/null \
|
||||
--remote-api-token "$(< ${escapeShellArg remote.remoteTokenFile})" \
|
||||
"''${extraArgs[@]}"
|
||||
echo "Created remote org="${escapeShellArg remote.org}" name="${escapeShellArg remote.name}
|
||||
|
@ -756,8 +756,6 @@ in {
|
|||
createArgs =
|
||||
listArgs
|
||||
++ [
|
||||
"--local-bucket"
|
||||
replication.localBucket
|
||||
"--remote-bucket"
|
||||
replication.remoteBucket
|
||||
];
|
||||
|
@ -769,11 +767,16 @@ in {
|
|||
true # No updateable args
|
||||
else
|
||||
remote_id=$(
|
||||
${influxCli} remote list --json --name ${escapeShellArg replication.remote} 2>/dev/null \
|
||||
${influxCli} remote list --json --org ${escapeShellArg replication.org} --name ${escapeShellArg replication.remote} \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
)
|
||||
${influxCli} replication create ${escapeShellArgs createArgs} &>/dev/null \
|
||||
--remote-id "$remote_id"
|
||||
local_bucket_id=$(
|
||||
${influxCli} bucket list --json --org ${escapeShellArg replication.org} --name ${escapeShellArg replication.localBucket} \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
)
|
||||
${influxCli} replication create ${escapeShellArgs createArgs} >/dev/null \
|
||||
--remote-id "$remote_id" \
|
||||
--local-bucket-id "$local_bucket_id"
|
||||
echo "Created replication org="${escapeShellArg replication.org}" name="${escapeShellArg replication.name}
|
||||
fi
|
||||
'')
|
||||
|
@ -796,15 +799,15 @@ in {
|
|||
++ map (x: "--write-${x}") apiToken.writePermissions;
|
||||
in ''
|
||||
if id=$(
|
||||
${influxCli} apiToken list --json ${escapeShellArgs listArgs} 2>/dev/null \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
${influxCli} auth list --json --org ${escapeShellArg apiToken.org} 2>/dev/null \
|
||||
| ${getExe pkgs.jq} -r '.[] | select(.description | contains("${apiToken.id}")) | .id'
|
||||
); then
|
||||
true # No updateable args
|
||||
else
|
||||
declare -A bucketIds
|
||||
${flip concatMapStrings (unique (apiToken.readBuckets ++ apiToken.writeBuckets)) (bucket: ''
|
||||
bucketIds[${escapeShellArg bucket}]=$(
|
||||
${influxCli} bucket list --json --org ${escapeShellArg apiToken.org} --name ${escapeShellArg bucket} 2>/dev/null \
|
||||
${influxCli} bucket list --json --org ${escapeShellArg apiToken.org} --name ${escapeShellArg bucket} \
|
||||
| ${getExe pkgs.jq} -r ".[0].id"
|
||||
)
|
||||
'')}
|
||||
|
@ -816,7 +819,7 @@ in {
|
|||
"--write-bucket" "''${bucketIds[${escapeShellArg bucket}]}"
|
||||
'')}
|
||||
)
|
||||
${influxCli} auth create ${escapeShellArgs createArgs} &>/dev/null \
|
||||
${influxCli} auth create ${escapeShellArgs createArgs} >/dev/null \
|
||||
"''${extraArgs[@]}"
|
||||
echo "Created api token org="${escapeShellArg apiToken.org}" user="${escapeShellArg apiToken.user}
|
||||
fi
|
||||
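Review bot: In the `ensureApiTokens` script (hunk at -796/+799) the new existence check `if id=$( … auth list … | jq -r '.[] | select(…) | .id' ); then` has no emptiness test; jq exits 0 with empty output when nothing matches, so as far as the visible lines show the `then` branch is taken and `auth create` is never reached. The delete script in the first hunk of this file guards the same lookup, and the guard should be repeated here: `) && [[ -n "$id" ]]; then`. `${apiToken.id}` is also spliced into the jq program text unescaped; if it can ever be more than a fixed-alphabet identifier, pass it with `--arg` instead. Since this commit stops discarding stderr on the commands that receive `--password "$(< …)"` and `--remote-api-token "$(< …)"`, it is worth confirming that the CLI's error output never echoes those values into the journal. The enclosing script strings start and end outside the hunks shown.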
|
|
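--- /dev/null
+++ b/modules/meta/kanidm.nix
@@ -0,0 +1,28 @@
+{
+config,
+lib,
+...
+}: let
+inherit
+(lib)
+assertMsg
+filter
+genAttrs
+hasInfix
+head
+mdDoc
+mkIf
+mkOption
+removeSuffix
+types
+;
+in {
+options.services.kanidm.provision = {
+enable = mkEnableOption "provisioning of systems, groups and users";
+systems = {
+};
+};
+
+config = {
+};
+}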
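Review bot: `mkEnableOption` is called on the `enable` line but is missing from the `inherit (lib)` list, so evaluating this module will fail with an undefined-variable error; add `mkEnableOption` to the inherit list. Most of the other inherited names (`assertMsg`, `filter`, `genAttrs`, `hasInfix`, `head`, …) are unused in this stub, and `systems = { };` under `options` is an empty attribute set rather than an option declaration. A short header comment such as `# Provisioning options for kanidm (stub, not yet functional)` would tell readers that the module is a placeholder.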