Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 8c4ea242050b617dfd80d5e3d35f56df7f9ea98b / . / core / installer / tasks / infra.go
blob: 907bba09cb260a05f5be72717673b6d2583060c7 [file] [log] [blame]
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]1package tasks
2
3import (
4 "fmt"
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]5 "strings"
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]6
7 "github.com/miekg/dns"
8
9 "github.com/giolekva/pcloud/core/installer"
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]10 "github.com/giolekva/pcloud/core/installer/soft"
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]11)
12
gio134be722025-07-20 19:01:17 +0400[diff] [blame]13type group struct {
14 Id string `json:"id"`
15 Title string `json:"title"`
16 Description string `json:"description"`
17}
18
19var initGroups = []group{
20 group{
21 "admin",
22 "Admin",
23 "Administrators",
24 },
25}
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]26
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]27func CreateRepoClient(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]28 t := newLeafTask("Create repo client", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]29 r, err := st.ssClient.GetRepo("config")
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]30 if err != nil {
31 return err
32 }
giof6ad2982024-08-23 17:42:49 +0400[diff] [blame]33 appManager, err := installer.NewAppManager(r, st.nsCreator, st.jc, st.hf, nil, nil, "/apps")
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]34 if err != nil {
35 return err
36 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]37 st.appManager = appManager
38 st.appsRepo = installer.NewInMemoryAppRepository(installer.CreateAllApps())
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]39 return nil
40 })
Giorgi Lekveishviliab7ff6e2024-03-29 13:11:30 +0400[diff] [blame]41 t.beforeStart = func() {
42 st.infoListener("Setting up core infrastructure services.")
43 }
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]44 return &t
45}
46
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]47func SetupInfra(env installer.EnvConfig, st *state) Task {
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]48 tasks := []Task{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]49 SetupNetwork(env, st),
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]50 SetupCertificateIssuers(env, st),
51 SetupAuth(env, st),
52 SetupGroupMemberships(env, st),
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]53 SetupWelcome(env, st),
54 SetupAppStore(env, st),
Davit Tabidze56f86a42024-04-09 19:15:25 +0400[diff] [blame]55 SetupLauncher(env, st),
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]56 }
57 if env.PrivateDomain != "" {
58 tasks = append(tasks, SetupHeadscale(env, st))
59 }
60 return newConcurrentParentTask(
61 "Setup core services",
62 true,
63 tasks...,
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]64 )
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]65}
66
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]67func CommitEnvironmentConfiguration(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]68 t := newLeafTask("commit config", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]69 r, err := st.ssClient.GetRepo("config")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]70 if err != nil {
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]71 return err
72 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]73 r.Do(func(r soft.RepoFS) (string, error) {
74 if err := soft.WriteYaml(r, "config.yaml", env); err != nil {
75 return "", err
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]76 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]77 rootKust, err := soft.ReadKustomization(r, "kustomization.yaml")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]78 if err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]79 return "", err
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]80 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]81 if err := soft.WriteYaml(r, "kustomization.yaml", rootKust); err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]82 return "", err
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]83 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]84 return "configure charts repo", nil
85 })
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]86 return nil
87 })
88 return &t
89}
90
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]91type firstAccount struct {
gio134be722025-07-20 19:01:17 +0400[diff] [blame]92 Created bool `json:"created"`
93 Domain string `json:"domain"`
94 Groups []group `json:"groups"`
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]95}
96
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]97func ConfigureFirstAccount(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]98 t := newLeafTask("Configure first account settings", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]99 r, err := st.ssClient.GetRepo("config")
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]100 if err != nil {
101 return err
102 }
giob4a3a192024-08-19 09:55:47 +0400[diff] [blame]103 _, err = r.Do(func(r soft.RepoFS) (string, error) {
gio2728e402024-08-01 18:14:21 +0400[diff] [blame]104 fa := firstAccount{false, env.Domain, initGroups}
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]105 if err := soft.WriteYaml(r, "first-account.yaml", fa); err != nil {
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]106 return "", err
107 }
108 return "first account membership configuration", nil
109 })
giob4a3a192024-08-19 09:55:47 +0400[diff] [blame]110 return err
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]111 })
112 return &t
113}
114
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]115func SetupNetwork(env installer.EnvConfig, st *state) Task {
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]116 t := newLeafTask("Setup networks", func() error {
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]117 {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]118 app, err := installer.FindEnvApp(st.appsRepo, "metallb-ipaddresspool")
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]119 if err != nil {
120 return err
121 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]122 {
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]123 instanceId := fmt.Sprintf("%s-ingress-private", app.Slug())
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]124 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]125 namespace := fmt.Sprintf("%s%s-ingress-private", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]126 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]127 "name": fmt.Sprintf("%s-ingress-private", env.Id),
128 "from": env.Network.Ingress.String(),
129 "to": env.Network.Ingress.String(),
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]130 "autoAssign": false,
131 "namespace": "metallb-system",
132 }); err != nil {
133 return err
134 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]135 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]136 {
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]137 instanceId := fmt.Sprintf("%s-headscale", app.Slug())
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]138 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]139 namespace := fmt.Sprintf("%s%s-ingress-private", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]140 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]141 "name": fmt.Sprintf("%s-headscale", env.Id),
142 "from": env.Network.Headscale.String(),
143 "to": env.Network.Headscale.String(),
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]144 "autoAssign": false,
145 "namespace": "metallb-system",
146 }); err != nil {
147 return err
148 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]149 }
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]150 {
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]151 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]152 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]153 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]154 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]155 "name": env.Id,
156 "from": env.Network.ServicesFrom.String(),
157 "to": env.Network.ServicesTo.String(),
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]158 "autoAssign": false,
159 "namespace": "metallb-system",
160 }); err != nil {
161 return err
162 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]163 }
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]164 }
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]165 if env.PrivateDomain != "" {
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]166 keys, err := installer.NewSSHKeyPair("port-allocator")
167 if err != nil {
168 return err
169 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]170 user := fmt.Sprintf("%s-port-allocator", env.Id)
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]171 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
172 return err
173 }
174 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
175 return err
176 }
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]177 app, err := installer.FindEnvApp(st.appsRepo, "private-network")
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]178 if err != nil {
179 return err
180 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]181 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]182 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]183 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]184 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]185 "privateNetwork": map[string]any{
186 "hostname": "private-network-proxy",
187 "username": "private-network-proxy",
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]188 "ipSubnet": fmt.Sprintf("%s.0/24", strings.Join(strings.Split(env.Network.DNS.String(), ".")[:3], ".")),
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]189 },
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]190 "sshPrivateKey": string(keys.RawPrivateKey()),
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]191 }); err != nil {
192 return err
193 }
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]194 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]195 return nil
196 })
197 return &t
198}
199
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]200func SetupCertificateIssuers(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]201 pub := newLeafTask(fmt.Sprintf("Public %s", env.Domain), func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]202 app, err := installer.FindEnvApp(st.appsRepo, "certificate-issuer-public")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]203 if err != nil {
204 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]205 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]206 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]207 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]208 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]209 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
210 "network": "Public",
211 }); err != nil {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]212 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]213 }
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]214 return nil
215 })
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]216 tasks := []Task{&pub}
217 if env.PrivateDomain != "" {
218 priv := newLeafTask(fmt.Sprintf("Private p.%s", env.Domain), func() error {
219 app, err := installer.FindEnvApp(st.appsRepo, "certificate-issuer-private")
220 if err != nil {
221 return err
222 }
223 instanceId := app.Slug()
224 appDir := fmt.Sprintf("/apps/%s", instanceId)
225 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
226 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{}); err != nil {
227 return err
228 }
229 return nil
230 })
231 tasks = append(tasks, &priv)
232 }
233 return newSequentialParentTask("Configure TLS certificate issuers", false, tasks...)
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]234}
235
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]236func SetupAuth(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]237 t := newLeafTask("Setup", func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]238 app, err := installer.FindEnvApp(st.appsRepo, "core-auth")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]239 if err != nil {
240 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]241 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]242 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]243 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]244 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]245 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]246 "network": "Public",
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]247 "subdomain": "test", // TODO(giolekva): make core-auth chart actually use this
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]248 }); err != nil {
249 return err
250 }
251 return nil
252 })
253 return newSequentialParentTask(
254 "Authentication services",
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]255 false,
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]256 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]257 waitForAddr(st.httpClient, fmt.Sprintf("https://accounts-ui.%s", env.Domain)),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]258 )
259}
260
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]261func SetupGroupMemberships(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]262 t := newLeafTask("Setup", func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]263 app, err := installer.FindEnvApp(st.appsRepo, "memberships")
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]264 if err != nil {
265 return err
266 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]267 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]268 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]269 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]270 network := "Public"
271 if env.PrivateDomain != "" {
272 network = "Private"
273 }
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]274 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
giod17ad3e2024-10-03 13:09:55 +0400[diff] [blame]275 "network": network,
276 // NOTE(gio): Everyone has access to memberships service, so that
277 // they can edit their own profile, request memberships, ...
278 "authGroups": "",
Giorgi Lekveishvilid542b732024-03-25 18:17:39 +0400[diff] [blame]279 }); err != nil {
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]280 return err
281 }
282 return nil
283 })
giob79db3a2024-08-01 14:20:42 +0400[diff] [blame]284 var addr string
285 if env.PrivateDomain != "" {
286 addr = fmt.Sprintf("https://memberships.%s", env.PrivateDomain)
287 } else {
288 addr = fmt.Sprintf("https://memberships.%s", env.Domain)
289 }
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]290 return newSequentialParentTask(
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]291 "Group membership",
292 false,
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]293 &t,
giob79db3a2024-08-01 14:20:42 +0400[diff] [blame]294 waitForAddr(st.httpClient, addr),
Giorgi Lekveishvilia09fad72024-03-21 15:24:35 +0400[diff] [blame]295 )
296}
297
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]298func SetupLauncher(env installer.EnvConfig, st *state) Task {
299 t := newLeafTask("Setup", func() error {
300 user := fmt.Sprintf("%s-launcher", env.Id)
301 keys, err := installer.NewSSHKeyPair(user)
302 if err != nil {
303 return err
304 }
305 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
306 return err
307 }
308 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
309 return err
310 }
311 app, err := installer.FindEnvApp(st.appsRepo, "launcher")
312 if err != nil {
313 return err
314 }
315 instanceId := app.Slug()
316 appDir := fmt.Sprintf("/apps/%s", instanceId)
317 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
318 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]319 "network": "Public",
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]320 "repoAddr": st.ssClient.GetRepoAddress("config"),
321 "sshPrivateKey": string(keys.RawPrivateKey()),
322 }); err != nil {
323 return err
324 }
325 return nil
326 })
327 return newSequentialParentTask(
328 "Launcher",
329 false,
330 &t,
331 waitForAddr(st.httpClient, fmt.Sprintf("https://launcher.%s", env.Domain)),
332 )
333}
334
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]335func SetupHeadscale(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]336 t := newLeafTask("Setup", func() error {
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]337 app, err := installer.FindEnvApp(st.appsRepo, "headscale")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]338 if err != nil {
339 return err
340 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]341 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]342 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]343 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]344 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]345 "network": "Public",
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]346 "subdomain": "headscale",
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]347 "ipSubnet": fmt.Sprintf("%s/24", env.Network.DNS.String()),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]348 }); err != nil {
349 return err
350 }
351 return nil
352 })
353 return newSequentialParentTask(
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]354 "Setup mesh VPN",
355 false,
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]356 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]357 waitForAddr(st.httpClient, fmt.Sprintf("https://headscale.%s/apple", env.Domain)),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]358 )
359}
360
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]361func SetupWelcome(env installer.EnvConfig, st *state) Task {
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]362 t := newLeafTask("Setup", func() error {
363 keys, err := installer.NewSSHKeyPair("welcome")
364 if err != nil {
365 return err
366 }
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]367 user := fmt.Sprintf("%s-welcome", env.Id)
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]368 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
369 return err
370 }
371 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
372 return err
373 }
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]374 app, err := installer.FindEnvApp(st.appsRepo, "welcome")
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]375 if err != nil {
376 return err
377 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]378 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]379 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]380 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]381 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]382 "network": "Public",
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]383 "repoAddr": st.ssClient.GetRepoAddress("config"),
384 "sshPrivateKey": string(keys.RawPrivateKey()),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]385 }); err != nil {
386 return err
387 }
388 return nil
389 })
390 return newSequentialParentTask(
391 "Welcome service",
Giorgi Lekveishvili5c1b06e2024-03-28 15:19:44 +0400[diff] [blame]392 false,
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]393 &t,
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]394 waitForAddr(st.httpClient, fmt.Sprintf("https://welcome.%s", env.Domain)),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]395 )
396}
397
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]398func SetupAppStore(env installer.EnvConfig, st *state) Task {
giob79db3a2024-08-01 14:20:42 +0400[diff] [blame]399 t := newLeafTask("Setup", func() error {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]400 user := fmt.Sprintf("%s-appmanager", env.Id)
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]401 keys, err := installer.NewSSHKeyPair(user)
402 if err != nil {
403 return err
404 }
405 if err := st.ssClient.AddUser(user, keys.AuthorizedKey()); err != nil {
406 return err
407 }
408 if err := st.ssClient.AddReadWriteCollaborator("config", user); err != nil {
409 return err
410 }
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]411 app, err := installer.FindEnvApp(st.appsRepo, "app-manager") // TODO(giolekva): configure
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]412 if err != nil {
413 return err
414 }
gio44f621b2024-04-29 09:44:38 +0400[diff] [blame]415 instanceId := app.Slug()
gio3cdee592024-04-17 10:15:56 +0400[diff] [blame]416 appDir := fmt.Sprintf("/apps/%s", instanceId)
gio3af43942024-04-16 08:13:50 +0400[diff] [blame]417 namespace := fmt.Sprintf("%s%s", env.NamespacePrefix, app.Namespace())
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]418 network := "Public"
419 if env.PrivateDomain != "" {
420 network = "Private"
421 }
gio134be722025-07-20 19:01:17 +0400[diff] [blame]422 var initGroupIds []string
423 for _, g := range initGroups {
424 initGroupIds = append(initGroupIds, g.Id)
425 }
gio778577f2024-04-29 09:44:38 +0400[diff] [blame]426 if _, err := st.appManager.Install(app, instanceId, appDir, namespace, map[string]any{
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]427 "network": network,
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]428 "repoAddr": st.ssClient.GetRepoAddress("config"),
429 "sshPrivateKey": string(keys.RawPrivateKey()),
gio134be722025-07-20 19:01:17 +0400[diff] [blame]430 "authGroups": strings.Join(initGroupIds, ","),
Giorgi Lekveishvili378ea882023-12-12 13:59:18 +0400[diff] [blame]431 }); err != nil {
432 return err
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]433 }
Giorgi Lekveishvili77ee2dc2023-12-11 16:51:10 +0400[diff] [blame]434 return nil
435 })
giob79db3a2024-08-01 14:20:42 +0400[diff] [blame]436 var addr string
437 if env.PrivateDomain != "" {
438 addr = fmt.Sprintf("https://apps.%s", env.PrivateDomain)
439 } else {
440 addr = fmt.Sprintf("https://apps.%s", env.Domain)
441 }
442 return newSequentialParentTask(
443 "Application marketplace",
444 false,
445 &t,
446 waitForAddr(st.httpClient, addr),
447 )
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]448}
449
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]450// TODO(gio-dns): remove
Giorgi Lekveishvili46743d42023-12-10 15:47:23 +0400[diff] [blame]451type DNSSecKey struct {
452 Basename string `json:"basename,omitempty"`
453 Key []byte `json:"key,omitempty"`
454 Private []byte `json:"private,omitempty"`
455 DS []byte `json:"ds,omitempty"`
456}
457
458func newDNSSecKey(zone string) (DNSSecKey, error) {
459 key := &dns.DNSKEY{
460 Hdr: dns.RR_Header{Name: dns.Fqdn(zone), Class: dns.ClassINET, Ttl: 3600, Rrtype: dns.TypeDNSKEY},
461 Algorithm: dns.ECDSAP256SHA256, Flags: 257, Protocol: 3,
462 }
463 priv, err := key.Generate(256)
464 if err != nil {
465 return DNSSecKey{}, err
466 }
467 return DNSSecKey{
468 Basename: fmt.Sprintf("K%s+%03d+%05d", key.Header().Name, key.Algorithm, key.KeyTag()),
469 Key: []byte(key.String()),
470 Private: []byte(key.PrivateKeyString(priv)),
471 DS: []byte(key.ToDS(dns.SHA256).String()),
472 }, nil
473}