Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 09a3e5b6179f524963b2786d4c7f2fc6f50e2b6f / . / core / installer / tasks / infra.go
blob: e71de44105f697e77911ceffafcd584ebe5e125a [file] [log] [blame]
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]1package tasks
2
3import (
4 "fmt"
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]5 "strings"
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]6
7 "github.com/miekg/dns"
8
9 "github.com/giolekva/pcloud/core/installer"
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]10 "github.com/giolekva/pcloud/core/installer/soft"
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]11)
12
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]13var initGroups = []string{"admin"}
14
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]15func CreateRepoClient(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]16 t := newLeafTask("Create repo client", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]17 r, err := st.ssClient.GetRepo("config")
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]18 if err != nil {
19 return err
20 }
gio308105e2024-04-19 13:12:13 +0400[diff] [blame]21 appManager, err := installer.NewAppManager(r, st.nsCreator, "/apps")
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]22 if err != nil {
23 return err
24 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]25 st.appManager = appManager
26 st.appsRepo = installer.NewInMemoryAppRepository(installer.CreateAllApps())
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]27 return nil
28 })
Giorgi Lekveishviliab7ff6e2024-03-29 13:11:30 +0400[diff] [blame]29 t.beforeStart = func() {
30 st.infoListener("Setting up core infrastructure services.")
31 }
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]32 return &t
33}
34
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]35func SetupInfra(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]36 return newConcurrentParentTask(
37 "Setup core services",
38 true,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]39 SetupNetwork(env, st),
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]40 SetupCertificateIssuers(env, st),
41 SetupAuth(env, st),
42 SetupGroupMemberships(env, st),
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]43 SetupHeadscale(env, st),
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]44 SetupWelcome(env, st),
45 SetupAppStore(env, st),
Davit Tabidze56f86a42024-04-09 19:15:25 +0400[diff] [blame]46 SetupLauncher(env, st),
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]47 )
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]48}
49
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]50func CommitEnvironmentConfiguration(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]51 t := newLeafTask("commit config", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]52 r, err := st.ssClient.GetRepo("config")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]53 if err != nil {
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]54 return err
55 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]56 r.Do(func(r soft.RepoFS) (string, error) {
57 if err := soft.WriteYaml(r, "config.yaml", env); err != nil {
58 return "", err
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]59 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]60 out, err := r.Writer("pcloud-charts.yaml")
61 if err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]62 return "", err
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]63 }
64 defer out.Close()
65 _, err = fmt.Fprintf(out, `
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]66apiVersion: source.toolkit.fluxcd.io/v1
67kind: GitRepository
68metadata:
69 name: pcloud
70 namespace: %s
71spec:
72 interval: 1m0s
73 url: https://github.com/giolekva/pcloud
74 ref:
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]75 branch: main
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]76`, env.Id)
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]77 if err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]78 return "", err
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]79 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]80 rootKust, err := soft.ReadKustomization(r, "kustomization.yaml")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]81 if err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]82 return "", err
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]83 }
84 rootKust.AddResources("pcloud-charts.yaml")
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]85 if err := soft.WriteYaml(r, "kustomization.yaml", rootKust); err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]86 return "", err
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]87 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]88 return "configure charts repo", nil
89 })
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]90 return nil
91 })
92 return &t
93}
94
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]95type firstAccount struct {
96 Created bool `json:"created"`
97 Groups []string `json:"groups"`
98}
99
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]100func ConfigureFirstAccount(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]101 t := newLeafTask("Configure first account settings", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]102 r, err := st.ssClient.GetRepo("config")
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]103 if err != nil {
104 return err
105 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]106 return r.Do(func(r soft.RepoFS) (string, error) {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]107 fa := firstAccount{false, initGroups}
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]108 if err := soft.WriteYaml(r, "first-account.yaml", fa); err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]109 return "", err
110 }
111 return "first account membership configuration", nil
112 })
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]113 })
114 return &t
115}
116
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]117func SetupNetwork(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]118 t := newLeafTask("Setup private and public networks", func() error {
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]119 {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]120 app, err := installer.FindEnvApp(st.appsRepo, "metallb-ipaddresspool")
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]121 if err != nil {
122 return err
123 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]124 {
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]125 instanceId := fmt.Sprintf("%s-ingress-private", app.Slug())
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]126 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]127 namespace := fmt.Sprintf("%s%s-ingress-private", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]128 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]129 "name": fmt.Sprintf("%s-ingress-private", env.Id),
130 "from": env.Network.Ingress.String(),
131 "to": env.Network.Ingress.String(),
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]132 "autoAssign": false,
133 "namespace": "metallb-system",
134 }); err != nil {
135 return err
136 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]137 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]138 {
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]139 instanceId := fmt.Sprintf("%s-headscale", app.Slug())
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]140 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]141 namespace := fmt.Sprintf("%s%s-ingress-private", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]142 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]143 "name": fmt.Sprintf("%s-headscale", env.Id),
144 "from": env.Network.Headscale.String(),
145 "to": env.Network.Headscale.String(),
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]146 "autoAssign": false,
147 "namespace": "metallb-system",
148 }); err != nil {
149 return err
150 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]151 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]152 {
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]153 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]154 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]155 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]156 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]157 "name": env.Id,
158 "from": env.Network.ServicesFrom.String(),
159 "to": env.Network.ServicesTo.String(),
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]160 "autoAssign": false,
161 "namespace": "metallb-system",
162 }); err != nil {
163 return err
164 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]165 }
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]166 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]167 {
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]168 keys, err := installer.NewSSHKeyPair("port-allocator")
169 if err != nil {
170 return err
171 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]172 user := fmt.Sprintf("%s-port-allocator", env.Id)
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]173 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
174 return err
175 }
176 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
177 return err
178 }
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]179 app, err := installer.FindEnvApp(st.appsRepo, "private-network")
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]180 if err != nil {
181 return err
182 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]183 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]184 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]185 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]186 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]187 "privateNetwork": map[string]any{
188 "hostname": "private-network-proxy",
189 "username": "private-network-proxy",
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]190 "ipSubnet": fmt.Sprintf("%s.0/24", strings.Join(strings.Split(env.Network.DNS.String(), ".")[:3], ".")),
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]191 },
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]192 "sshPrivateKey": string(keys.RawPrivateKey()),
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]193 }); err != nil {
194 return err
195 }
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]196 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]197 return nil
198 })
199 return &t
200}
201
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]202func SetupCertificateIssuers(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]203 pub := newLeafTask(fmt.Sprintf("Public %s", env.Domain), func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]204 app, err := installer.FindEnvApp(st.appsRepo, "certificate-issuer-public")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]205 if err != nil {
206 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]207 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]208 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]209 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]210 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]211 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{}); err != nil {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]212 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]213 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]214 return nil
215 })
216 priv := newLeafTask(fmt.Sprintf("Private p.%s", env.Domain), func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]217 app, err := installer.FindEnvApp(st.appsRepo, "certificate-issuer-private")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]218 if err != nil {
219 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]220 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]221 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]222 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]223 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]224 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{}); err != nil {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]225 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]226 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]227 return nil
228 })
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]229 return newSequentialParentTask("Configure TLS certificate issuers", false, &pub, &priv)
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]230}
231
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]232func SetupAuth(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]233 t := newLeafTask("Setup", func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]234 app, err := installer.FindEnvApp(st.appsRepo, "core-auth")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]235 if err != nil {
236 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]237 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]238 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]239 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]240 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]241 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]242 "subdomain": "test", // TODO(giolekva): make core-auth chart actually use this
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]243 }); err != nil {
244 return err
245 }
246 return nil
247 })
248 return newSequentialParentTask(
249 "Authentication services",
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]250 false,
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]251 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]252 waitForAddr(st.httpClient, fmt.Sprintf("https://accounts-ui.%s", env.Domain)),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]253 )
254}
255
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]256func SetupGroupMemberships(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]257 t := newLeafTask("Setup", func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]258 app, err := installer.FindEnvApp(st.appsRepo, "memberships")
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]259 if err != nil {
260 return err
261 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]262 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]263 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]264 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]265 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]266 "authGroups": strings.Join(initGroups, ","),
267 }); err != nil {
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]268 return err
269 }
270 return nil
271 })
272 return newSequentialParentTask(
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]273 "Group membership",
274 false,
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]275 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]276 waitForAddr(st.httpClient, fmt.Sprintf("https://memberships.p.%s", env.Domain)),
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]277 )
278}
279
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame^]280func SetupLauncher(env installer.EnvConfig, st *state) Task {
281 t := newLeafTask("Setup", func() error {
282 user := fmt.Sprintf("%s-launcher", env.Id)
283 keys, err := installer.NewSSHKeyPair(user)
284 if err != nil {
285 return err
286 }
287 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
288 return err
289 }
290 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
291 return err
292 }
293 app, err := installer.FindEnvApp(st.appsRepo, "launcher")
294 if err != nil {
295 return err
296 }
297 instanceId := app.Slug()
298 appDir := fmt.Sprintf("/apps/%s", instanceId)
299 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
300 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
301 "repoAddr": st.ssClient.GetRepoAddress("config"),
302 "sshPrivateKey": string(keys.RawPrivateKey()),
303 }); err != nil {
304 return err
305 }
306 return nil
307 })
308 return newSequentialParentTask(
309 "Launcher",
310 false,
311 &t,
312 waitForAddr(st.httpClient, fmt.Sprintf("https://launcher.%s", env.Domain)),
313 )
314}
315
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]316func SetupHeadscale(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]317 t := newLeafTask("Setup", func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]318 app, err := installer.FindEnvApp(st.appsRepo, "headscale")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]319 if err != nil {
320 return err
321 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]322 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]323 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]324 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]325 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]326 "subdomain": "headscale",
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]327 "ipSubnet": fmt.Sprintf("%s/24", env.Network.DNS.String()),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]328 }); err != nil {
329 return err
330 }
331 return nil
332 })
333 return newSequentialParentTask(
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]334 "Setup mesh VPN",
335 false,
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]336 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]337 waitForAddr(st.httpClient, fmt.Sprintf("https://headscale.%s/apple", env.Domain)),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]338 )
339}
340
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]341func SetupWelcome(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]342 t := newLeafTask("Setup", func() error {
343 keys, err := installer.NewSSHKeyPair("welcome")
344 if err != nil {
345 return err
346 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]347 user := fmt.Sprintf("%s-welcome", env.Id)
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]348 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
349 return err
350 }
351 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
352 return err
353 }
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]354 app, err := installer.FindEnvApp(st.appsRepo, "welcome")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]355 if err != nil {
356 return err
357 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]358 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]359 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]360 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]361 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]362 "repoAddr": st.ssClient.GetRepoAddress("config"),
363 "sshPrivateKey": string(keys.RawPrivateKey()),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]364 }); err != nil {
365 return err
366 }
367 return nil
368 })
369 return newSequentialParentTask(
370 "Welcome service",
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]371 false,
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]372 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]373 waitForAddr(st.httpClient, fmt.Sprintf("https://welcome.%s", env.Domain)),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]374 )
375}
376
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]377func SetupAppStore(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]378 t := newLeafTask("Application marketplace", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]379 user := fmt.Sprintf("%s-appmanager", env.Id)
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]380 keys, err := installer.NewSSHKeyPair(user)
381 if err != nil {
382 return err
383 }
384 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
385 return err
386 }
387 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
388 return err
389 }
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]390 app, err := installer.FindEnvApp(st.appsRepo, "app-manager") // TODO(giolekva): configure
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]391 if err != nil {
392 return err
393 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]394 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]395 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]396 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]397 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]398 "repoAddr": st.ssClient.GetRepoAddress("config"),
399 "sshPrivateKey": string(keys.RawPrivateKey()),
Giorgi Lekveishvili3c91e8b2024-03-25 20:20:14 +0400[diff] [blame]400 "authGroups": strings.Join(initGroups, ","),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]401 }); err != nil {
402 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]403 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]404 return nil
405 })
406 return &t
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]407}
408
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]409// TODO(gio-dns): remove
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]410type DNSSecKey struct {
411 Basename string `json:"basename,omitempty"`
412 Key []byte `json:"key,omitempty"`
413 Private []byte `json:"private,omitempty"`
414 DS []byte `json:"ds,omitempty"`
415}
416
417func newDNSSecKey(zone string) (DNSSecKey, error) {
418 key := &dns.DNSKEY{
419 Hdr: dns.RR_Header{Name: dns.Fqdn(zone), Class: dns.ClassINET, Ttl: 3600, Rrtype: dns.TypeDNSKEY},
420 Algorithm: dns.ECDSAP256SHA256, Flags: 257, Protocol: 3,
421 }
422 priv, err := key.Generate(256)
423 if err != nil {
424 return DNSSecKey{}, err
425 }
426 return DNSSecKey{
427 Basename: fmt.Sprintf("K%s+%03d+%05d", key.Header().Name, key.Algorithm, key.KeyTag()),
428 Key: []byte(key.String()),
429 Private: []byte(key.PrivateKeyString(priv)),
430 DS: []byte(key.ToDS(dns.SHA256).String()),
431 }, nil
432}