nixos modules for convenient deployment of cloud resources

refactor(hetzner): improve command; make error logging better

ptr.pet 698c6ba2 4ef813c9

verified
Changed files
+37 -32
+2
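--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+result
+.hetzner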
+2 -5
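--- a/firewall/provider/hetzner/app.nix
+++ b/firewall/provider/hetzner/app.nix
@@ -1,12 +1,9 @@
 {pkgs, lib ? pkgs.lib, taggedPorts, id}: let
 l = lib // (import ./rules.nix {inherit lib;});
-
 firewallRules =
 builtins.toFile
 "hetzner-firewall-${toString id}-rules.json"
 (builtins.toJSON (l.mkFirewallRuleset taggedPorts));
-in pkgs.writers.writeNu "apply-hetzner" ''
-let firewallId = ${toString id}
-let rulesFile = "${firewallRules}"
-${l.fileContents ./app.nu}
+in pkgs.writers.writeNu "apply-hetzner-firewall-${toString id}" ''
+nu ${./app.nu} ${toString id} ${firewallRules}
 ''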
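Review bot: The inner `nu` on the new wrapper line is looked up on PATH when the script runs, so the interpreter that ends up holding the API token is whatever `nu` the calling environment provides, not the one the derivation was built against. Pinning it keeps the wrapper reproducible and removes the PATH dependency: `${pkgs.nushell}/bin/nu ${./app.nu} ${toString id} ${firewallRules}`. The wrapper also forwards none of its own arguments, so the new `--auth-token` flag of app.nu is presumably unreachable through this entry point. A short comment stating that the token is expected in `HETZNER_API_TOKEN` would make that explicit.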
+33 -27
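--- a/firewall/provider/hetzner/app.nu
+++ b/firewall/provider/hetzner/app.nu
@@ -1,34 +1,40 @@
 use std/log
 
-let authHeader = ["authorization" $"Bearer ($env.HETZNER_API_TOKEN)"]
+def main [firewallId: number, rulesFile: path, --auth-token (-t): string] {
+let auth_token: string = if $auth_token == null { $env.HETZNER_API_TOKEN? } else { $auth_token }
+let authHeader: list<string> = ["authorization" $"Bearer ($auth_token)"]
 
-def makeApiUrl [path: string] {
-return $"https://api.hetzner.cloud/v1($path)"
-}
-def post [path: string] {
-$in | http post -e --full -H $authHeader --content-type application/json (makeApiUrl $path)
-}
-def get [path: string] {
-http get -e --full -H $authHeader (makeApiUrl $path)
-}
+def makeApiUrl [path: string] {
+return $"https://api.hetzner.cloud/v1($path)"
+}
+def post [path: string] {
+$in | http post -e --full -H $authHeader --content-type application/json (makeApiUrl $path)
+}
+def get [path: string] {
+http get -e --full -H $authHeader (makeApiUrl $path)
+}
 
-# first fetch firewall to see if it even exists
-let resp = get $"/firewalls/($firewallId)"
-if $resp.status == 404 {
-log error $"provided firewall \(id ($firewallId)\) does not exist"
-exit 1
-}
-let firewall = $resp.body | get firewall
+# first fetch firewall to see if it even exists
+let resp = get $"/firewalls/($firewallId)"
+if $resp.status == 404 {
+log error $"provided firewall \(id ($firewallId)\) does not exist"
+exit 1
+} else if $resp.status != 200 {
+log error $"could not get firewall \(id ($firewallId)\):\n($resp.body.error | to text -n)"
+exit 1
+}
+let firewall = $resp.body | get firewall
 
-# backup firewall
-let backupPath = $".hetzner/($firewallId).json"
-mkdir .hetzner; $firewall | to json | save -f $backupPath
-log info $"backing up firewall ($firewallId) to ($backupPath)"
+# backup firewall
+let backupPath = $".hetzner/($firewallId).json"
+mkdir .hetzner; $firewall | to json | save -f $backupPath
+log info $"backing up firewall ($firewallId) to ($backupPath)"
 
-# apply rules
-let resp = open $rulesFile | post $"/firewalls/($firewallId)/actions/set_rules"
-if $resp.status != 201 {
-log error $"could not apply firewall \(id ($firewallId)\):\n($resp.body | to text)"
-exit 2
+# apply rules
+let resp = open $rulesFile | post $"/firewalls/($firewallId)/actions/set_rules"
+if $resp.status != 201 {
+log error $"could not apply firewall \(id ($firewallId)\):\n($resp.body.error | to text -n)"
+exit 2
+}
+log info $"applied firewall ($firewallId)"
 }
-log info $"applied firewall ($firewallId)"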
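Review bot: The token resolution at the top of `main` never rejects a missing token. With neither `--auth-token` nor `HETZNER_API_TOKEN` set, `$env.HETZNER_API_TOKEN?` yields null, which presumably either trips the `string` annotation or is sent as an empty bearer value, so the operator sees a type or 401 error rather than the cause. A guard before the header is built would state it directly, e.g. `if ($auth_token | is-empty) { log error "no API token: set HETZNER_API_TOKEN or pass --auth-token"; exit 1 }`. Accepting the token as a flag also places it in the process argument list and shell history, so the flag deserves a comment recommending the environment variable instead. Separately, both new error branches read `$resp.body.error` directly. An error body without that field would make the access itself fail and hide the status, so `$resp.body.error?` with `$resp.status` in the message would be more robust.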