Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 69ff759f4e5bafc74f80cb2b72e4e417ec2edbbb / . / core / installer / tasks / infra.go
blob: d69ba3a0b81a958ade12aba8a35b420dfb476e9c [file] [log] [blame]
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]1package tasks
2
3import (
4 "fmt"
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]5 "strings"
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]6
7 "github.com/miekg/dns"
8
9 "github.com/giolekva/pcloud/core/installer"
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]10 "github.com/giolekva/pcloud/core/installer/soft"
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]11)
12
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]13var initGroups = []string{"admin"}
14
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]15func CreateRepoClient(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]16 t := newLeafTask("Create repo client", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]17 r, err := st.ssClient.GetRepo("config")
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]18 if err != nil {
19 return err
20 }
giof6ad2982024-08-23 17:42:49 +0400[diff] [blame]21 appManager, err := installer.NewAppManager(r, st.nsCreator, st.jc, st.hf, nil, nil, "/apps")
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]22 if err != nil {
23 return err
24 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]25 st.appManager = appManager
26 st.appsRepo = installer.NewInMemoryAppRepository(installer.CreateAllApps())
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]27 return nil
28 })
Giorgi Lekveishviliab7ff6e2024-03-29 13:11:30 +0400[diff] [blame]29 t.beforeStart = func() {
30 st.infoListener("Setting up core infrastructure services.")
31 }
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]32 return &t
33}
34
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]35func SetupInfra(env installer.EnvConfig, st *state) Task {
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]36 tasks := []Task{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]37 SetupNetwork(env, st),
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]38 SetupCertificateIssuers(env, st),
39 SetupAuth(env, st),
40 SetupGroupMemberships(env, st),
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]41 SetupWelcome(env, st),
42 SetupAppStore(env, st),
Davit Tabidze56f86a42024-04-09 19:15:25 +0400[diff] [blame]43 SetupLauncher(env, st),
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]44 }
45 if env.PrivateDomain != "" {
46 tasks = append(tasks, SetupHeadscale(env, st))
47 }
48 return newConcurrentParentTask(
49 "Setup core services",
50 true,
51 tasks...,
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]52 )
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]53}
54
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]55func CommitEnvironmentConfiguration(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]56 t := newLeafTask("commit config", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]57 r, err := st.ssClient.GetRepo("config")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]58 if err != nil {
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]59 return err
60 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]61 r.Do(func(r soft.RepoFS) (string, error) {
62 if err := soft.WriteYaml(r, "config.yaml", env); err != nil {
63 return "", err
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]64 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]65 rootKust, err := soft.ReadKustomization(r, "kustomization.yaml")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]66 if err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]67 return "", err
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]68 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]69 if err := soft.WriteYaml(r, "kustomization.yaml", rootKust); err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]70 return "", err
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]71 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]72 return "configure charts repo", nil
73 })
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]74 return nil
75 })
76 return &t
77}
78
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]79type firstAccount struct {
80 Created bool `json:"created"`
gio2728e402024-08-01 18:14:21 +0400[diff] [blame]81 Domain string `json:"domain"`
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]82 Groups []string `json:"groups"`
83}
84
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]85func ConfigureFirstAccount(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]86 t := newLeafTask("Configure first account settings", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]87 r, err := st.ssClient.GetRepo("config")
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]88 if err != nil {
89 return err
90 }
giob4a3a192024-08-19 09:55:47 +0400[diff] [blame]91 _, err = r.Do(func(r soft.RepoFS) (string, error) {
gio2728e402024-08-01 18:14:21 +0400[diff] [blame]92 fa := firstAccount{false, env.Domain, initGroups}
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]93 if err := soft.WriteYaml(r, "first-account.yaml", fa); err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]94 return "", err
95 }
96 return "first account membership configuration", nil
97 })
giob4a3a192024-08-19 09:55:47 +0400[diff] [blame]98 return err
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]99 })
100 return &t
101}
102
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]103func SetupNetwork(env installer.EnvConfig, st *state) Task {
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]104 t := newLeafTask("Setup networks", func() error {
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]105 {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]106 app, err := installer.FindEnvApp(st.appsRepo, "metallb-ipaddresspool")
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]107 if err != nil {
108 return err
109 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]110 {
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]111 instanceId := fmt.Sprintf("%s-ingress-private", app.Slug())
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]112 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]113 namespace := fmt.Sprintf("%s%s-ingress-private", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]114 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]115 "name": fmt.Sprintf("%s-ingress-private", env.Id),
116 "from": env.Network.Ingress.String(),
117 "to": env.Network.Ingress.String(),
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]118 "autoAssign": false,
119 "namespace": "metallb-system",
120 }); err != nil {
121 return err
122 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]123 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]124 {
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]125 instanceId := fmt.Sprintf("%s-headscale", app.Slug())
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]126 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]127 namespace := fmt.Sprintf("%s%s-ingress-private", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]128 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]129 "name": fmt.Sprintf("%s-headscale", env.Id),
130 "from": env.Network.Headscale.String(),
131 "to": env.Network.Headscale.String(),
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]132 "autoAssign": false,
133 "namespace": "metallb-system",
134 }); err != nil {
135 return err
136 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]137 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]138 {
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]139 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]140 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]141 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]142 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]143 "name": env.Id,
144 "from": env.Network.ServicesFrom.String(),
145 "to": env.Network.ServicesTo.String(),
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]146 "autoAssign": false,
147 "namespace": "metallb-system",
148 }); err != nil {
149 return err
150 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]151 }
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]152 }
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]153 if env.PrivateDomain != "" {
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]154 keys, err := installer.NewSSHKeyPair("port-allocator")
155 if err != nil {
156 return err
157 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]158 user := fmt.Sprintf("%s-port-allocator", env.Id)
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]159 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
160 return err
161 }
162 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
163 return err
164 }
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]165 app, err := installer.FindEnvApp(st.appsRepo, "private-network")
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]166 if err != nil {
167 return err
168 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]169 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]170 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]171 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]172 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]173 "privateNetwork": map[string]any{
174 "hostname": "private-network-proxy",
175 "username": "private-network-proxy",
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]176 "ipSubnet": fmt.Sprintf("%s.0/24", strings.Join(strings.Split(env.Network.DNS.String(), ".")[:3], ".")),
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]177 },
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]178 "sshPrivateKey": string(keys.RawPrivateKey()),
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]179 }); err != nil {
180 return err
181 }
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]182 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]183 return nil
184 })
185 return &t
186}
187
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]188func SetupCertificateIssuers(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]189 pub := newLeafTask(fmt.Sprintf("Public %s", env.Domain), func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]190 app, err := installer.FindEnvApp(st.appsRepo, "certificate-issuer-public")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]191 if err != nil {
192 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]193 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]194 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]195 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]196 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]197 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
198 "network": "Public",
199 }); err != nil {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]200 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]201 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]202 return nil
203 })
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]204 tasks := []Task{&pub}
205 if env.PrivateDomain != "" {
206 priv := newLeafTask(fmt.Sprintf("Private p.%s", env.Domain), func() error {
207 app, err := installer.FindEnvApp(st.appsRepo, "certificate-issuer-private")
208 if err != nil {
209 return err
210 }
211 instanceId := app.Slug()
212 appDir := fmt.Sprintf("/apps/%s", instanceId)
213 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
214 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{}); err != nil {
215 return err
216 }
217 return nil
218 })
219 tasks = append(tasks, &priv)
220 }
221 return newSequentialParentTask("Configure TLS certificate issuers", false, tasks...)
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]222}
223
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]224func SetupAuth(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]225 t := newLeafTask("Setup", func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]226 app, err := installer.FindEnvApp(st.appsRepo, "core-auth")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]227 if err != nil {
228 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]229 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]230 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]231 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]232 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]233 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]234 "network": "Public",
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]235 "subdomain": "test", // TODO(giolekva): make core-auth chart actually use this
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]236 }); err != nil {
237 return err
238 }
239 return nil
240 })
241 return newSequentialParentTask(
242 "Authentication services",
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]243 false,
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]244 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]245 waitForAddr(st.httpClient, fmt.Sprintf("https://accounts-ui.%s", env.Domain)),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]246 )
247}
248
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]249func SetupGroupMemberships(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]250 t := newLeafTask("Setup", func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]251 app, err := installer.FindEnvApp(st.appsRepo, "memberships")
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]252 if err != nil {
253 return err
254 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]255 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]256 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]257 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]258 network := "Public"
259 if env.PrivateDomain != "" {
260 network = "Private"
261 }
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]262 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
giod17ad3e2024-10-03 13:09:55 +0400[diff] [blame]263 "network": network,
264 // NOTE(gio): Everyone has access to memberships service, so that
265 // they can edit their own profile, request memberships, ...
266 "authGroups": "",
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]267 }); err != nil {
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]268 return err
269 }
270 return nil
271 })
giob79db3a2024-08-01 14:20:42 +0400[diff] [blame]272 var addr string
273 if env.PrivateDomain != "" {
274 addr = fmt.Sprintf("https://memberships.%s", env.PrivateDomain)
275 } else {
276 addr = fmt.Sprintf("https://memberships.%s", env.Domain)
277 }
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]278 return newSequentialParentTask(
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]279 "Group membership",
280 false,
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]281 &t,
giob79db3a2024-08-01 14:20:42 +0400[diff] [blame]282 waitForAddr(st.httpClient, addr),
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]283 )
284}
285
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]286func SetupLauncher(env installer.EnvConfig, st *state) Task {
287 t := newLeafTask("Setup", func() error {
288 user := fmt.Sprintf("%s-launcher", env.Id)
289 keys, err := installer.NewSSHKeyPair(user)
290 if err != nil {
291 return err
292 }
293 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
294 return err
295 }
296 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
297 return err
298 }
299 app, err := installer.FindEnvApp(st.appsRepo, "launcher")
300 if err != nil {
301 return err
302 }
303 instanceId := app.Slug()
304 appDir := fmt.Sprintf("/apps/%s", instanceId)
305 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
306 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]307 "network": "Public",
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]308 "repoAddr": st.ssClient.GetRepoAddress("config"),
309 "sshPrivateKey": string(keys.RawPrivateKey()),
310 }); err != nil {
311 return err
312 }
313 return nil
314 })
315 return newSequentialParentTask(
316 "Launcher",
317 false,
318 &t,
319 waitForAddr(st.httpClient, fmt.Sprintf("https://launcher.%s", env.Domain)),
320 )
321}
322
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]323func SetupHeadscale(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]324 t := newLeafTask("Setup", func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]325 app, err := installer.FindEnvApp(st.appsRepo, "headscale")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]326 if err != nil {
327 return err
328 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]329 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]330 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]331 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]332 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]333 "network": "Public",
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]334 "subdomain": "headscale",
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]335 "ipSubnet": fmt.Sprintf("%s/24", env.Network.DNS.String()),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]336 }); err != nil {
337 return err
338 }
339 return nil
340 })
341 return newSequentialParentTask(
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]342 "Setup mesh VPN",
343 false,
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]344 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]345 waitForAddr(st.httpClient, fmt.Sprintf("https://headscale.%s/apple", env.Domain)),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]346 )
347}
348
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]349func SetupWelcome(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]350 t := newLeafTask("Setup", func() error {
351 keys, err := installer.NewSSHKeyPair("welcome")
352 if err != nil {
353 return err
354 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]355 user := fmt.Sprintf("%s-welcome", env.Id)
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]356 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
357 return err
358 }
359 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
360 return err
361 }
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]362 app, err := installer.FindEnvApp(st.appsRepo, "welcome")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]363 if err != nil {
364 return err
365 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]366 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]367 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]368 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]369 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]370 "network": "Public",
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]371 "repoAddr": st.ssClient.GetRepoAddress("config"),
372 "sshPrivateKey": string(keys.RawPrivateKey()),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]373 }); err != nil {
374 return err
375 }
376 return nil
377 })
378 return newSequentialParentTask(
379 "Welcome service",
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]380 false,
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]381 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]382 waitForAddr(st.httpClient, fmt.Sprintf("https://welcome.%s", env.Domain)),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]383 )
384}
385
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]386func SetupAppStore(env installer.EnvConfig, st *state) Task {
giob79db3a2024-08-01 14:20:42 +0400[diff] [blame]387 t := newLeafTask("Setup", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]388 user := fmt.Sprintf("%s-appmanager", env.Id)
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]389 keys, err := installer.NewSSHKeyPair(user)
390 if err != nil {
391 return err
392 }
393 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
394 return err
395 }
396 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
397 return err
398 }
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]399 app, err := installer.FindEnvApp(st.appsRepo, "app-manager") // TODO(giolekva): configure
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]400 if err != nil {
401 return err
402 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]403 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]404 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]405 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]406 network := "Public"
407 if env.PrivateDomain != "" {
408 network = "Private"
409 }
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]410 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]411 "network": network,
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]412 "repoAddr": st.ssClient.GetRepoAddress("config"),
413 "sshPrivateKey": string(keys.RawPrivateKey()),
Giorgi Lekveishvili3c91e8b2024-03-25 20:20:14 +0400[diff] [blame]414 "authGroups": strings.Join(initGroups, ","),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]415 }); err != nil {
416 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]417 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]418 return nil
419 })
giob79db3a2024-08-01 14:20:42 +0400[diff] [blame]420 var addr string
421 if env.PrivateDomain != "" {
422 addr = fmt.Sprintf("https://apps.%s", env.PrivateDomain)
423 } else {
424 addr = fmt.Sprintf("https://apps.%s", env.Domain)
425 }
426 return newSequentialParentTask(
427 "Application marketplace",
428 false,
429 &t,
430 waitForAddr(st.httpClient, addr),
431 )
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]432}
433
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]434// TODO(gio-dns): remove
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]435type DNSSecKey struct {
436 Basename string `json:"basename,omitempty"`
437 Key []byte `json:"key,omitempty"`
438 Private []byte `json:"private,omitempty"`
439 DS []byte `json:"ds,omitempty"`
440}
441
442func newDNSSecKey(zone string) (DNSSecKey, error) {
443 key := &dns.DNSKEY{
444 Hdr: dns.RR_Header{Name: dns.Fqdn(zone), Class: dns.ClassINET, Ttl: 3600, Rrtype: dns.TypeDNSKEY},
445 Algorithm: dns.ECDSAP256SHA256, Flags: 257, Protocol: 3,
446 }
447 priv, err := key.Generate(256)
448 if err != nil {
449 return DNSSecKey{}, err
450 }
451 return DNSSecKey{
452 Basename: fmt.Sprintf("K%s+%03d+%05d", key.Header().Name, key.Algorithm, key.KeyTag()),
453 Key: []byte(key.String()),
454 Private: []byte(key.PrivateKeyString(priv)),
455 DS: []byte(key.ToDS(dns.SHA256).String()),
456 }, nil
457}