Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 608148d0414fd65e8dadeccc07093e3e4e9e6321 / . / core / installer / tasks / infra.go
blob: 9d0c011b8b30535b35c699bd1e33bc03d0673064 [file] [log] [blame]
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]1package tasks
2
3import (
4 "fmt"
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]5 "strings"
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]6
7 "github.com/miekg/dns"
8
9 "github.com/giolekva/pcloud/core/installer"
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]10 "github.com/giolekva/pcloud/core/installer/soft"
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]11)
12
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]13var initGroups = []string{"admin"}
14
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]15func CreateRepoClient(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]16 t := newLeafTask("Create repo client", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]17 r, err := st.ssClient.GetRepo("config")
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]18 if err != nil {
19 return err
20 }
giof8843412024-05-22 16:38:05 +0400[diff] [blame]21 appManager, err := installer.NewAppManager(r, st.nsCreator, st.jc, st.hf, "/apps")
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]22 if err != nil {
23 return err
24 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]25 st.appManager = appManager
26 st.appsRepo = installer.NewInMemoryAppRepository(installer.CreateAllApps())
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]27 return nil
28 })
Giorgi Lekveishviliab7ff6e2024-03-29 13:11:30 +0400[diff] [blame]29 t.beforeStart = func() {
30 st.infoListener("Setting up core infrastructure services.")
31 }
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]32 return &t
33}
34
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]35func SetupInfra(env installer.EnvConfig, st *state) Task {
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]36 tasks := []Task{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]37 SetupNetwork(env, st),
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]38 SetupCertificateIssuers(env, st),
39 SetupAuth(env, st),
40 SetupGroupMemberships(env, st),
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]41 SetupWelcome(env, st),
42 SetupAppStore(env, st),
Davit Tabidze56f86a42024-04-09 19:15:25 +0400[diff] [blame]43 SetupLauncher(env, st),
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]44 }
45 if env.PrivateDomain != "" {
46 tasks = append(tasks, SetupHeadscale(env, st))
47 }
48 return newConcurrentParentTask(
49 "Setup core services",
50 true,
51 tasks...,
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]52 )
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]53}
54
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]55func CommitEnvironmentConfiguration(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]56 t := newLeafTask("commit config", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]57 r, err := st.ssClient.GetRepo("config")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]58 if err != nil {
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]59 return err
60 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]61 r.Do(func(r soft.RepoFS) (string, error) {
62 if err := soft.WriteYaml(r, "config.yaml", env); err != nil {
63 return "", err
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]64 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]65 rootKust, err := soft.ReadKustomization(r, "kustomization.yaml")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]66 if err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]67 return "", err
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]68 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]69 if err := soft.WriteYaml(r, "kustomization.yaml", rootKust); err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]70 return "", err
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]71 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]72 return "configure charts repo", nil
73 })
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]74 return nil
75 })
76 return &t
77}
78
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]79type firstAccount struct {
80 Created bool `json:"created"`
gio2728e402024-08-01 18:14:21 +0400[diff] [blame]81 Domain string `json:"domain"`
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]82 Groups []string `json:"groups"`
83}
84
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]85func ConfigureFirstAccount(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]86 t := newLeafTask("Configure first account settings", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]87 r, err := st.ssClient.GetRepo("config")
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]88 if err != nil {
89 return err
90 }
giob4a3a192024-08-19 09:55:47 +0400[diff] [blame]91 _, err = r.Do(func(r soft.RepoFS) (string, error) {
gio2728e402024-08-01 18:14:21 +0400[diff] [blame]92 fa := firstAccount{false, env.Domain, initGroups}
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]93 if err := soft.WriteYaml(r, "first-account.yaml", fa); err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]94 return "", err
95 }
96 return "first account membership configuration", nil
97 })
giob4a3a192024-08-19 09:55:47 +0400[diff] [blame]98 return err
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]99 })
100 return &t
101}
102
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]103func SetupNetwork(env installer.EnvConfig, st *state) Task {
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]104 t := newLeafTask("Setup networks", func() error {
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]105 {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]106 app, err := installer.FindEnvApp(st.appsRepo, "metallb-ipaddresspool")
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]107 if err != nil {
108 return err
109 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]110 {
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]111 instanceId := fmt.Sprintf("%s-ingress-private", app.Slug())
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]112 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]113 namespace := fmt.Sprintf("%s%s-ingress-private", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]114 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]115 "name": fmt.Sprintf("%s-ingress-private", env.Id),
116 "from": env.Network.Ingress.String(),
117 "to": env.Network.Ingress.String(),
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]118 "autoAssign": false,
119 "namespace": "metallb-system",
120 }); err != nil {
121 return err
122 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]123 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]124 {
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]125 instanceId := fmt.Sprintf("%s-headscale", app.Slug())
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]126 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]127 namespace := fmt.Sprintf("%s%s-ingress-private", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]128 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]129 "name": fmt.Sprintf("%s-headscale", env.Id),
130 "from": env.Network.Headscale.String(),
131 "to": env.Network.Headscale.String(),
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]132 "autoAssign": false,
133 "namespace": "metallb-system",
134 }); err != nil {
135 return err
136 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]137 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]138 {
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]139 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]140 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]141 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]142 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]143 "name": env.Id,
144 "from": env.Network.ServicesFrom.String(),
145 "to": env.Network.ServicesTo.String(),
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]146 "autoAssign": false,
147 "namespace": "metallb-system",
148 }); err != nil {
149 return err
150 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]151 }
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]152 }
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]153 if env.PrivateDomain != "" {
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]154 keys, err := installer.NewSSHKeyPair("port-allocator")
155 if err != nil {
156 return err
157 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]158 user := fmt.Sprintf("%s-port-allocator", env.Id)
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]159 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
160 return err
161 }
162 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
163 return err
164 }
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]165 app, err := installer.FindEnvApp(st.appsRepo, "private-network")
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]166 if err != nil {
167 return err
168 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]169 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]170 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]171 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]172 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]173 "privateNetwork": map[string]any{
174 "hostname": "private-network-proxy",
175 "username": "private-network-proxy",
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]176 "ipSubnet": fmt.Sprintf("%s.0/24", strings.Join(strings.Split(env.Network.DNS.String(), ".")[:3], ".")),
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]177 },
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]178 "sshPrivateKey": string(keys.RawPrivateKey()),
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]179 }); err != nil {
180 return err
181 }
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]182 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]183 return nil
184 })
185 return &t
186}
187
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]188func SetupCertificateIssuers(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]189 pub := newLeafTask(fmt.Sprintf("Public %s", env.Domain), func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]190 app, err := installer.FindEnvApp(st.appsRepo, "certificate-issuer-public")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]191 if err != nil {
192 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]193 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]194 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]195 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]196 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]197 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
198 "network": "Public",
199 }); err != nil {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]200 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]201 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]202 return nil
203 })
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]204 tasks := []Task{&pub}
205 if env.PrivateDomain != "" {
206 priv := newLeafTask(fmt.Sprintf("Private p.%s", env.Domain), func() error {
207 app, err := installer.FindEnvApp(st.appsRepo, "certificate-issuer-private")
208 if err != nil {
209 return err
210 }
211 instanceId := app.Slug()
212 appDir := fmt.Sprintf("/apps/%s", instanceId)
213 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
214 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{}); err != nil {
215 return err
216 }
217 return nil
218 })
219 tasks = append(tasks, &priv)
220 }
221 return newSequentialParentTask("Configure TLS certificate issuers", false, tasks...)
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]222}
223
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]224func SetupAuth(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]225 t := newLeafTask("Setup", func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]226 app, err := installer.FindEnvApp(st.appsRepo, "core-auth")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]227 if err != nil {
228 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]229 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]230 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]231 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]232 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]233 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]234 "network": "Public",
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]235 "subdomain": "test", // TODO(giolekva): make core-auth chart actually use this
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]236 }); err != nil {
237 return err
238 }
239 return nil
240 })
241 return newSequentialParentTask(
242 "Authentication services",
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]243 false,
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]244 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]245 waitForAddr(st.httpClient, fmt.Sprintf("https://accounts-ui.%s", env.Domain)),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]246 )
247}
248
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]249func SetupGroupMemberships(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]250 t := newLeafTask("Setup", func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]251 app, err := installer.FindEnvApp(st.appsRepo, "memberships")
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]252 if err != nil {
253 return err
254 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]255 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]256 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]257 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]258 network := "Public"
259 if env.PrivateDomain != "" {
260 network = "Private"
261 }
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]262 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]263 "network": network,
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]264 "authGroups": strings.Join(initGroups, ","),
265 }); err != nil {
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]266 return err
267 }
268 return nil
269 })
giob79db3a2024-08-01 14:20:42 +0400[diff] [blame]270 var addr string
271 if env.PrivateDomain != "" {
272 addr = fmt.Sprintf("https://memberships.%s", env.PrivateDomain)
273 } else {
274 addr = fmt.Sprintf("https://memberships.%s", env.Domain)
275 }
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]276 return newSequentialParentTask(
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]277 "Group membership",
278 false,
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]279 &t,
giob79db3a2024-08-01 14:20:42 +0400[diff] [blame]280 waitForAddr(st.httpClient, addr),
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]281 )
282}
283
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]284func SetupLauncher(env installer.EnvConfig, st *state) Task {
285 t := newLeafTask("Setup", func() error {
286 user := fmt.Sprintf("%s-launcher", env.Id)
287 keys, err := installer.NewSSHKeyPair(user)
288 if err != nil {
289 return err
290 }
291 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
292 return err
293 }
294 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
295 return err
296 }
297 app, err := installer.FindEnvApp(st.appsRepo, "launcher")
298 if err != nil {
299 return err
300 }
301 instanceId := app.Slug()
302 appDir := fmt.Sprintf("/apps/%s", instanceId)
303 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
304 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]305 "network": "Public",
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]306 "repoAddr": st.ssClient.GetRepoAddress("config"),
307 "sshPrivateKey": string(keys.RawPrivateKey()),
308 }); err != nil {
309 return err
310 }
311 return nil
312 })
313 return newSequentialParentTask(
314 "Launcher",
315 false,
316 &t,
317 waitForAddr(st.httpClient, fmt.Sprintf("https://launcher.%s", env.Domain)),
318 )
319}
320
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]321func SetupHeadscale(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]322 t := newLeafTask("Setup", func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]323 app, err := installer.FindEnvApp(st.appsRepo, "headscale")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]324 if err != nil {
325 return err
326 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]327 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]328 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]329 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]330 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]331 "network": "Public",
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]332 "subdomain": "headscale",
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]333 "ipSubnet": fmt.Sprintf("%s/24", env.Network.DNS.String()),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]334 }); err != nil {
335 return err
336 }
337 return nil
338 })
339 return newSequentialParentTask(
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]340 "Setup mesh VPN",
341 false,
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]342 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]343 waitForAddr(st.httpClient, fmt.Sprintf("https://headscale.%s/apple", env.Domain)),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]344 )
345}
346
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]347func SetupWelcome(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]348 t := newLeafTask("Setup", func() error {
349 keys, err := installer.NewSSHKeyPair("welcome")
350 if err != nil {
351 return err
352 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]353 user := fmt.Sprintf("%s-welcome", env.Id)
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]354 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
355 return err
356 }
357 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
358 return err
359 }
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]360 app, err := installer.FindEnvApp(st.appsRepo, "welcome")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]361 if err != nil {
362 return err
363 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]364 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]365 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]366 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]367 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]368 "network": "Public",
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]369 "repoAddr": st.ssClient.GetRepoAddress("config"),
370 "sshPrivateKey": string(keys.RawPrivateKey()),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]371 }); err != nil {
372 return err
373 }
374 return nil
375 })
376 return newSequentialParentTask(
377 "Welcome service",
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]378 false,
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]379 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]380 waitForAddr(st.httpClient, fmt.Sprintf("https://welcome.%s", env.Domain)),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]381 )
382}
383
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]384func SetupAppStore(env installer.EnvConfig, st *state) Task {
giob79db3a2024-08-01 14:20:42 +0400[diff] [blame]385 t := newLeafTask("Setup", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]386 user := fmt.Sprintf("%s-appmanager", env.Id)
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]387 keys, err := installer.NewSSHKeyPair(user)
388 if err != nil {
389 return err
390 }
391 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
392 return err
393 }
394 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
395 return err
396 }
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]397 app, err := installer.FindEnvApp(st.appsRepo, "app-manager") // TODO(giolekva): configure
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]398 if err != nil {
399 return err
400 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]401 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]402 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]403 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]404 network := "Public"
405 if env.PrivateDomain != "" {
406 network = "Private"
407 }
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]408 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]409 "network": network,
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]410 "repoAddr": st.ssClient.GetRepoAddress("config"),
411 "sshPrivateKey": string(keys.RawPrivateKey()),
Giorgi Lekveishvili3c91e8b2024-03-25 20:20:14 +0400[diff] [blame]412 "authGroups": strings.Join(initGroups, ","),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]413 }); err != nil {
414 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]415 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]416 return nil
417 })
giob79db3a2024-08-01 14:20:42 +0400[diff] [blame]418 var addr string
419 if env.PrivateDomain != "" {
420 addr = fmt.Sprintf("https://apps.%s", env.PrivateDomain)
421 } else {
422 addr = fmt.Sprintf("https://apps.%s", env.Domain)
423 }
424 return newSequentialParentTask(
425 "Application marketplace",
426 false,
427 &t,
428 waitForAddr(st.httpClient, addr),
429 )
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]430}
431
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]432// TODO(gio-dns): remove
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]433type DNSSecKey struct {
434 Basename string `json:"basename,omitempty"`
435 Key []byte `json:"key,omitempty"`
436 Private []byte `json:"private,omitempty"`
437 DS []byte `json:"ds,omitempty"`
438}
439
440func newDNSSecKey(zone string) (DNSSecKey, error) {
441 key := &dns.DNSKEY{
442 Hdr: dns.RR_Header{Name: dns.Fqdn(zone), Class: dns.ClassINET, Ttl: 3600, Rrtype: dns.TypeDNSKEY},
443 Algorithm: dns.ECDSAP256SHA256, Flags: 257, Protocol: 3,
444 }
445 priv, err := key.Generate(256)
446 if err != nil {
447 return DNSSecKey{}, err
448 }
449 return DNSSecKey{
450 Basename: fmt.Sprintf("K%s+%03d+%05d", key.Header().Name, key.Algorithm, key.KeyTag()),
451 Key: []byte(key.String()),
452 Private: []byte(key.PrivateKeyString(priv)),
453 DS: []byte(key.ToDS(dns.SHA256).String()),
454 }, nil
455}