author | Alex Auvolat <alex@adnab.me> | 2023-04-18 13:27:22 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2023-10-18 12:03:11 +0200 |
commit | 17ebb652730f69f53fe7d2b31fbf2db2075b9be7 (patch) | |
tree | 9cb701289cb81bfc3eb10da0137bdb56d3942a67 /script/jepsen.garage/garage-cluster.nix | |
parent | 7011b71fbd782e199417ce9afa44a8c220885b4a (diff) | |
download | garage-17ebb652730f69f53fe7d2b31fbf2db2075b9be7.tar.gz garage-17ebb652730f69f53fe7d2b31fbf2db2075b9be7.zip |
jepsen ssh into containers seem to work ?
Diffstat (limited to 'script/jepsen.garage/garage-cluster.nix')
-rw-r--r-- | script/jepsen.garage/garage-cluster.nix | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/script/jepsen.garage/garage-cluster.nix b/script/jepsen.garage/garage-cluster.nix
index 32fedc04..ebc73aaf 100644
--- a/script/jepsen.garage/garage-cluster.nix
+++ b/script/jepsen.garage/garage-cluster.nix
@@ -29,30 +29,36 @@ let services.openssh = { enable = true; permitRootLogin = "yes"; + kexAlgorithms = [ "curve25519-sha256@libssh.org" "ecdh-sha2-nistp256" "ecdh-sha2-nistp384" "ecdh-sha2-nistp521" "diffie-hellman-group-exchange-sha256" "diffie-hellman-group14-sha1" "diffie-hellman-group-exchange-sha1" "diffie-hellman-group1-sha1" ]; }; users.users.root.initialPassword = "root"; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9" + ]; system.stateVersion = "22.11"; services.garage = { enable = true; logLevel = "debug"; - settings.replication_mode = "3"; + settings = { + replication_mode = "3"; + db_engine = "lmdb"; + rpc_secret = "b597bb28ebdc90cdc4f15712733ca678cfb9a7e0311e0b9e93db9610fc3685e6"; + rpc_bind_addr = "0.0.0.0:3901"; + s3_api = { + region = "garage"; + api_bind_addr = "0.0.0.0:3900"; + }; + k2v_api.api_bind_addr = "0.0.0.0:3902"; + admin = { + api_bind_addr = "0.0.0.0:3903"; + admin_token = "icanhazadmin"; + }; + }; }; - # Workaround for nixos-container issue - # (see https://github.com/NixOS/nixpkgs/issues/67265 and - # https://github.com/NixOS/nixpkgs/pull/81371#issuecomment-605526099). - # The etcd service is of type "notify", which means that - # etcd would not be considered started until etcd is fully online; - # however, since NixOS container networking only works sometime *after* - # multi-user.target, we forgo etcd's notification entirely. - systemd.services.etcd.serviceConfig.Type = lib.mkForce "exec"; - - systemd.services.etcd.serviceConfig.StandardOutput = "file:/var/log/etcd.log"; - systemd.services.etcd.serviceConfig.StandardError = "file:/var/log/etcd.log"; - - networking.firewall.allowedTCPPorts = [ 2379 2380 ]; + networking.firewall.allowedTCPPorts = [ 3901 3900 3902 3903 ]; }; }; in |
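Review bot: The added `kexAlgorithms` list re-enables SHA-1 key exchanges, including `diffie-hellman-group1-sha1`, on an sshd that also keeps `permitRootLogin = "yes"` and the `root` initial password, and nothing in the hunk marks this as test-harness-only configuration. If the legacy algorithms are there for the Jepsen SSH client (presumably, given the commit title), trim the list to what that client actually negotiates and say so in a comment such as `# legacy KEX needed by the Jepsen SSH client; test containers only`. Now that an authorized key is added for root, `permitRootLogin = "prohibit-password";` would close the password path, assuming the harness logs in with that key. The fixed `rpc_secret` and `admin_token` are served on `0.0.0.0` with ports 3900-3903 opened in the firewall and will end up in the world-readable Nix store, so a comment next to them stating that they are throwaway test values, never to be reused on a real cluster, is worth adding.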