From 0dcb89c5bbd9b27370431131144e89662a9aed1a Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Tue, 25 Aug 2020 17:41:04 +0300 Subject: [PATCH] Added backbone of monitoring implementation --- static/configuration.nix | 1 + static/goss.nix | 15 +++++++++++++++ static/server.sh | 9 ++++++++- validate.sh | 37 +++++++++++++++++++++++++++++++++++++ 4 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 static/goss.nix create mode 100755 validate.sh diff --git a/static/configuration.nix b/static/configuration.nix index 0d1ef75..d15c13f 100644 --- a/static/configuration.nix +++ b/static/configuration.nix @@ -2,6 +2,7 @@ imports = [ ./hardware-configuration.nix ./mailserver.nix + ./goss.nix ]; diff --git a/static/goss.nix b/static/goss.nix new file mode 100644 index 0000000..1bbfe5e --- /dev/null +++ b/static/goss.nix @@ -0,0 +1,15 @@ +{ pkgs ? import {} }: +pkgs.stdenv.mkDerivation { + name = "goss"; + src = pkgs.fetchurl { + url = "https://github.com/aelsabbahy/goss/releases/download/v0.3.13/goss-linux-amd64"; + sha256 = "1q0kfdbifffszikcl0warzmqvsbx4bg19l9a3vv6yww2jvzj4dgb"; + }; + phases = ["installPhase" "patchPhase"]; + installPhase = '' + mkdir -p $out/bin + cp $src $out/bin/goss + chmod +x $out/bin/goss + cp $out/bin/goss . + ''; +} diff --git a/static/server.sh b/static/server.sh index 2f52e73..bde7125 100755 --- a/static/server.sh +++ b/static/server.sh @@ -62,7 +62,7 @@ MakeConfig() sed -i '31s/.*/\t\t"'"$DOMAIN"'"/' mailserver.nix sed -i '41s/.*/\t "admin@'"$DOMAIN"'" = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix sed -i '63s/.*/ email = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix - sed -i "15s,.*,\t\"${sshKey}\"," configuration.nix + sed -i "16s,.*,\t\"${sshKey}\"," configuration.nix } MakeServer() 
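Review bot: static/goss.nix evaluates to a package derivation (`pkgs.stdenv.mkDerivation { … }`), but the first hunk lists it under `imports` in configuration.nix, where NixOS expects modules. Its argument set `{ pkgs ? … }:` has no `...`, so the module system will most likely reject it when it passes `config`, `lib` and the other module arguments, and a derivation is not a set of option definitions in any case. Since PostInstallation later copies `/root/result/bin/goss`, the file appears to be meant for `nix-build`; either drop `./goss.nix` from `imports`, or reference it from a module as `environment.systemPackages = [ (import ./goss.nix { inherit pkgs; }) ];`. The trailing `cp $out/bin/goss .` in `installPhase` only writes into the temporary build directory and can be removed.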
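Review bot: The `sed -i "16s,.*,…"` edit in MakeConfig addresses configuration.nix by absolute line number, and this commit had to move it from 15 to 16 only because one import line was added above it. Any later change to the template will silently overwrite the wrong line with the SSH key. A placeholder in the template would remove that coupling, for example `sed -i "s,@SSH_KEY@,${sshKey}," configuration.nix` with `"@SSH_KEY@"` written in configuration.nix. The same applies to the line-numbered `sed` calls on mailserver.nix just above; MakeConfig starts outside this hunk.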
@@ -90,6 +90,7 @@ ApplyConfig() ssh -i ~/.nix-ms/id_rsa "root@$machineip" echo "Authentificated" scp -i ~/.nix-ms/id_rsa mailserver.nix "root@$machineip:/root" scp -i ~/.nix-ms/id_rsa configuration.nix "root@$machineip:/root" + scp -i ~/.nix-ms/id_rsa goss.yaml "root@$machineip:/root" ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/mailserver.nix /etc/nixos/mailserver.nix ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/configuration.nix /etc/nixos/configuration.nix sleep 3 @@ -169,6 +170,12 @@ CreateDKIMRecord() } +PostInstallation() +{ + ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/result/bin/goss /root/ + ssh -i ~/.nix-ms/id_rsa "root@$machineip" /root/goss serve & +} + CollectData InstallDependencies GenerateSSHKey diff --git a/validate.sh b/validate.sh new file mode 100755 index 0000000..65b1728 --- /dev/null +++ b/validate.sh 
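Review bot: ApplyConfig now uploads `goss.yaml`, but nothing in the visible lines copies `goss.nix` to the server, even though the updated configuration.nix imports `./goss.nix` and is installed to `/etc/nixos/`. Unless that happens outside this hunk (ApplyConfig continues past it), the next rebuild on the server will fail on the missing file. If the import stays, add `scp -i ~/.nix-ms/id_rsa goss.nix "root@$machineip:/root"` and the matching `cp /root/goss.nix /etc/nixos/goss.nix`. `goss.yaml` is also not among the files this commit creates, so confirm it exists where the script runs.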
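Review bot: `/root/goss serve &` in PostInstallation starts the goss HTTP endpoint as root without a listen address, so it uses goss's default of port 8080 on all interfaces with no authentication, exposing the mail server's test results to anyone who can reach that port. Bind it to loopback, e.g. `/root/goss serve --listen-addr 127.0.0.1:8080`, or restrict the port in the NixOS firewall to the monitoring host. The `&` backgrounds only the local ssh client, so the remote process lives and dies with that session; a systemd service declared in the NixOS configuration, running as an unprivileged user, would survive reboots and script exit. PostInstallation is also not called in the lines visible here; the call list continues outside the hunk.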
@@ -0,0 +1,37 @@
+#!/bin/bash
+export DOMAIN=scipttestingengine.tk
+export CLOUDFLARE_EMAIL=ilchub5@gmail.com
+export CLOUDFLARE_TOKEN=d170e27d9743cf741551beaff9aa2455417a6
+export HETZNER_TOKEN=TY4MkkbyIJDhtRIDRj0arU6OSzn5z4x7rvQpoiNsWLFMSuROQr7IFz8OsLQmh4JH
+#curl \
+# -X DELETE \
+# -H "Authorization: Bearer TY4MkkbyIJDhtRIDRj0arU6OSzn5z4x7rvQpoiNsWLFMSuROQr7IFz8OsLQmh4JH" \
+# 'https://api.hetzner.cloud/v1/servers/{id}'
+
+curl -s -X GET "https://api.cloudflare.com/client/v4/zones" -H "X-Auth-Email: ilchub5@gmail.com" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_zones.json
+
+#jq '.result[0].id' .cloudflare_records.json
+
+export zoneid=$( for i in {0..24}; do jq 'if .result['$i'].name == "'$DOMAIN'" then .result['$i'].id else null end' .cloudflare.json; done | grep -v null | sed -e 's/^"//' -e 's/"$//' )
+curl -X GET "https://api.cloudflare.com/client/v4/zones/'$zoneid'/dns_records" -H "X-Auth-Email: ilchub5@gmail.com" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_records.json
+
+for i in `seq 0 4`
+do
+ curl -X DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/'"(jq '.result['$i'].id' .cloudflare_records.json | (sed -e 's/^"//' -e 's/"$//')')"'" \
+ -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
+ -H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
+ -H "Content-Type: application/json"
+done
+
+curl \
+ -H "Authorization: Bearer $HETZNER_TOKEN" \
+ 'https://api.hetzner.cloud/v1/servers' > .hetzner_machines.json
+
+export machineid=$( for i in {0..24}; do jq 'if .servers['$i'].name == "nixos-mailserver" then .servers['$i'].id else null end' )
+
+curl \
+ -X DELETE \
+ -H "Authorization: Bearer $API_TOKEN" \
+ 'https://api.hetzner.cloud/v1/servers/$machineid'
+
+bash <(curl -s https://selfprivacy.org/server.sh)
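Review bot: The `export` lines at the top of validate.sh commit a Cloudflare API key, a Hetzner Cloud token and the account e-mail in clear text, and the commented-out `curl` repeats the Hetzner token. Once pushed they have to be treated as disclosed, so both credentials should be revoked and reissued rather than only deleted in a later commit. The script should take them from the caller's environment and stop when they are absent, e.g. `: "${CLOUDFLARE_TOKEN:?must be set}"` and `: "${HETZNER_TOKEN:?must be set}"`. The final server delete reads `$API_TOKEN`, which is never set in this file, and its single-quoted URL leaves `$machineid` unexpanded, so that request cannot work as written. The last line also feeds a script downloaded at run time straight into `bash` with no pinned checksum or signature check.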