From 94859c0dbb2656080495b71c8087f1e68102d798 Mon Sep 17 00:00:00 2001
From: hexchen
Date: Sun, 29 Nov 2020 02:55:17 +0000
Subject: [PATCH] hosts: init cdn-loadbalancer
---
 .../hosts/cdn/loadbalancer/configuration.nix | 26 ++++++++
 .../cdn/loadbalancer/hardware-config.nix | 26 ++++++++
 configuration/hosts/default.nix | 4 ++
 configuration/server/cdn-lb.nix | 63 +++++++++++++++++++
 4 files changed, 119 insertions(+)
 create mode 100644 configuration/hosts/cdn/loadbalancer/configuration.nix
 create mode 100644 configuration/hosts/cdn/loadbalancer/hardware-config.nix
 create mode 100644 configuration/server/cdn-lb.nix
diff --git a/configuration/hosts/cdn/loadbalancer/configuration.nix b/configuration/hosts/cdn/loadbalancer/configuration.nix
new file mode 100644
index 0000000..424f3d8
--- /dev/null
+++ b/configuration/hosts/cdn/loadbalancer/configuration.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-config.nix
+ ../../../common
+ ../../../server/cdn-lb.nix
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.devices = [ "/dev/sda" ];
+
+ networking.interfaces.ens3.useDHCP = true;
+ networking.hostName = "cdn-loadbalancer";
+
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "20.03"; # Did you read the comment?
+}
diff --git a/configuration/hosts/cdn/loadbalancer/hardware-config.nix b/configuration/hosts/cdn/loadbalancer/hardware-config.nix
new file mode 100644
index 0000000..38e8bb3
--- /dev/null
+++ b/configuration/hosts/cdn/loadbalancer/hardware-config.nix
@@ -0,0 +1,26 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/e371ee1d-a03f-4964-b03d-4a5c59ff5911";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 1;
+}
+
+
diff --git a/configuration/hosts/default.nix b/configuration/hosts/default.nix
index 48c356f..b0d562f 100644
--- a/configuration/hosts/default.nix
+++ b/configuration/hosts/default.nix
@@ -20,6 +20,10 @@ let
 ssh.host = "cdn-master.live.hacc.media";
 groups = [ "server" "hacc" "live" "livecdn" "livecdn-master" ];
 };
+ "cdn/loadbalancer" = {
+ ssh.host = "cdn-loadbalancer.live.hacc.media";
+ groups = [ "server" "hacc" "live" "livecdn" "livecdn-lb" ];
+ };
 };
 pkgs = import {};
 evalConfig = import ;
diff --git a/configuration/server/cdn-lb.nix b/configuration/server/cdn-lb.nix
new file mode 100644
index 0000000..1de61bc
--- /dev/null
+++ b/configuration/server/cdn-lb.nix
@@ -0,0 +1,63 @@
+{config, lib, pkgs, ...}:
+
+{
+ networking.firewall.allowedTCPPorts = [
+ 80 # HTTP
+ 443 # HTTPs
+ ];
+
+ services.netdata = {
+ enable = true;
+ };
+
+ # Enable nginx service
+ services.nginx = {
+ enable = true;
+
+ # Use recommended settings
+ # Don't use recommended Proxy settings because it does funky things with the setup
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts."${config.networking.hostName}.live.hacc.media" = {
+ locations = {
+ "/" = {
+ return = "301 \"http://$cdnhosts$request_uri\"";
+ extraConfig = ''
+ auth_basic off;
+ '';
+ };
+ "/stats" = {
+ return = "301 /stats/";
+ };
+ "~ /stats/(?.*)" = {
+ proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
+ extraConfig = ''
+ proxy_redirect off;
+ proxy_set_header Host $host;
+
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ proxy_pass_request_headers on;
+ proxy_set_header Connection "keep-alive";
+ proxy_store off;
+
+ gzip on;
+ gzip_proxied any;
+ gzip_types *;
+ '';
+ };
+ };
+ forceSSL = true;
+ enableACME = true;
+ };
+ appendHttpConfig = ''
+ split_clients "$\{remote_addr\}" $cdnhosts {
+ 50% "cdn-node-1.live.hacc.media";
+ 50% "cdn-node-2.live.hacc.media";
+ }
+ '';
+ };
+}
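Review bot: The `/` location in cdn-lb.nix redirects from a `forceSSL` vhost to `http://$cdnhosts$request_uri`, so a client that connected over TLS is handed to the CDN node in cleartext, where the request and the returned content can be read or altered in transit. If the nodes serve TLS, the redirect should keep the scheme: `return = "301 \"https://$cdnhosts$request_uri\"";`. Separately, the `~ /stats/` location proxies the local netdata dashboard on 127.0.0.1:19999 through the public vhost with no access control visible in this hunk. The `auth_basic off;` on `/` suggests basic auth may be inherited from configuration outside the patch; that is worth confirming, or making explicit in that location's `extraConfig` with `auth_basic` or an `allow` … `deny all;` pair.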