imp: add networkteam svr, just recipes, mod blackbox static config

input-output-hk · Apr 25, 2024 · d147d43 · d147d43
1 parent 1ab27b6
commit d147d43
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 10 deletions.
diff --git a/Justfile b/Justfile
@@ -26,6 +26,10 @@ apply *ARGS:
 apply-all *ARGS:
   colmena apply --keep-result --verbose {{ARGS}}
 
+apply-bootstrap *ARGS:
+  #!/usr/bin/env bash
+  SSH_CONFIG=<(sed -i '6i IdentityFile .ssh_key' .ssh_config) colmena apply --verbose --on {{ARGS}}
+
 build-machine MACHINE *ARGS:
   nix build -L .#nixosConfigurations.{{MACHINE}}.config.system.build.toplevel {{ARGS}}
 
@@ -119,7 +123,7 @@ show-nameservers:
 save-bootstrap-ssh-key:
   #!/usr/bin/env nu
   print "Retrieving ssh key from tofu..."
-  nix build ".#opentofu.$WORKSPACE" --out-link tofu.tf.json
+  nix build $".#opentofu.($env.WORKSPACE)" --out-link tofu.tf.json
   tofu workspace select -or-create cluster
   tofu init -reconfigure
   let tf = (tofu show -json | from json)
@@ -130,7 +134,7 @@ save-bootstrap-ssh-key:
 save-ssh-config:
   #!/usr/bin/env nu
   print "Retrieving ssh config from tofu..."
-  nix build ".#opentofu.$WORKSPACE" --out-link tofu.tf.json
+  nix build $".#opentofu.($env.WORKSPACE)" --out-link tofu.tf.json
   tofu workspace select -or-create cluster
   # tofu init -reconfigure
   let tf = (tofu show -json | from json)

diff --git a/flake.lock b/flake.lock
diff --git a/flake/cluster.nix b/flake/cluster.nix
@@ -46,6 +46,9 @@
 
         # Storing Mimir metrics for the mainnet cluster.
         mainnet = "${profile}-mainnet";
+
+        # Storing Mimir metrics for the networkteam cluster.
+        networkteam = "${profile}-networkteam";
       };
     };
 

diff --git a/flake/colmena.nix b/flake/colmena.nix
@@ -47,5 +47,8 @@
 
     # Provides a place to store and view metrics for https://github.com/input-output-hk/cardano-mainnet
     mainnet = {};
+
+    # Provides a place to store and view metrics for https://github.com/input-output-hk/ouroboros-network-ops
+    networkteam = {};
   };
 }
diff --git a/flake/nixosModules/common.nix b/flake/nixosModules/common.nix
@@ -269,11 +269,15 @@
                     metrics_path = "/probe";
                     params.module = ["https_2xx"];
                     scrape_interval = "1m";
-                    static_configs = [
-                      {
-                        targets = import (inputs."cardano-${name}" + "/flake/terraform/grafana/blackbox/blackbox.nix-import");
-                      }
-                    ];
+                    static_configs = let
+                      blackboxPath = (inputs."cardano-${name}") + "/flake/terraform/grafana/blackbox/blackbox.nix-import";
+                    in
+                      lib.mkIf (builtins.hasAttr "cardano-${name}" inputs && builtins.pathExists blackboxPath)
+                      [
+                        {
+                          targets = import blackboxPath;
+                        }
+                      ];
                     relabel_configs = [
                       {
                         source_labels = ["__address__"];

diff --git a/secrets/caddy-environment-networkteam.enc b/secrets/caddy-environment-networkteam.enc
@@ -0,0 +1,22 @@
+{
+	"data": "ENC[AES256_GCM,data:dIwbKfKHFcFgshANJIJ0Q4sMrGYdPgJYT2jS4zWa/jSA7dfeHYMs1hO+tX1CVgZfQgn6WONjgtxXLHrZK2XHCYUBikYACPmV+JI5FtuYn6ZJwdeiDarXm9ZQGr691kbiSMkuv5LRV65dYA0zgetp4ICBaaBbRHHLHcA0xmiCleHS0GP/Yfsf83tp9mbJ4BR7KdZ7OmHfPNuImmyUjC4IuCzVR5+ghJs8I716atTN8bCAC/MfG5TvDrwDInlRc933I2rRaM5MO00gSTJY1WWkXEj06FsFCUlqBjccUZBmVjsJlBRNsxHDaY5Y8Z/4oOvktg8gZ1tFSIA2VpOTY6yHQIpSIAFGDlqk5Hd3J1g4udTcWkJRFF5g/OPwId3Bs7GCIGfYpTK3GOSPW4fmxYk=,iv:toMOy08vcjRaDc1zczaZAKRyGbtw799VgzvWFg8GS7U=,tag:I+5LLZXz8EFMaImVeoD1XA==,type:str]",
+	"sops": {
+		"kms": [
+			{
+				"arn": "arn:aws:kms:eu-central-1:463886338519:alias/kmsKey",
+				"created_at": "2023-12-14T17:23:06Z",
+				"enc": "AQICAHgvfnO+wlcXYoD+bXoOtLaOdiwzl0zs7N1eXxZo3hhaEwGwufHjewI022yEtK6yI3/cAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM+4KQLk7fvhr+6XfrAgEQgDvewAxg7XxuvQ506XgfCRc3OR3jBmqKD0bi/pCLY7by2BIRpxqeA43tFzrX3rmxAmFY1wM3VLVV+1QHsg==",
+				"aws_profile": ""
+			}
+		],
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2024-04-24T00:50:04Z",
+		"mac": "ENC[AES256_GCM,data:ZZgxeH/j/wAaSzoDmcJzalbtXj4fIkrDWWwzT8F/bRL7xgBWpgdltg/AYYrOIQx38V5Q+fBt7zpLXAyouH8+u3tYlYhkKcDYcLvpK6csdy/6sM7R4XxaMpfG5e1Ag3Uqqg4dql6M4sGJUveOZ6QN0LbqIvWEEUbmAsUK3vEU7Yg=,iv:heE0fevMmy+avz0RN9k6rVv5xw5huJqnE5Xs3CSZZD0=,tag:Tw66omKKoVcW1u5KAF89xg==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}