Diffstat (limited to 'script/jepsen.garage/garage-cluster.nix')
-rw-r--r--script/jepsen.garage/garage-cluster.nix64
1 files changed, 64 insertions, 0 deletions
diff --git a/script/jepsen.garage/garage-cluster.nix b/script/jepsen.garage/garage-cluster.nix
new file mode 100644
index 00000000..32fedc04
--- /dev/null
+++ b/script/jepsen.garage/garage-cluster.nix
@@ -0,0 +1,64 @@
+{ config, lib, pkgs, ... }:
+let
+ unstable = import ./unstable.nix;
+ addressMap =
+ {
+ "n1" = { localAddress = "10.233.0.101"; hostAddress = "10.233.1.101"; };
+ "n2" = { localAddress = "10.233.0.102"; hostAddress = "10.233.1.102"; };
+ "n3" = { localAddress = "10.233.0.103"; hostAddress = "10.233.1.103"; };
+ "n4" = { localAddress = "10.233.0.104"; hostAddress = "10.233.1.104"; };
+ "n5" = { localAddress = "10.233.0.105"; hostAddress = "10.233.1.105"; };
+ };
+ toHostsEntry = name: { localAddress, ... }: "${localAddress} ${name}";
+ extraHosts =
+ builtins.concatStringsSep "\n"
+ (lib.attrsets.mapAttrsToList toHostsEntry addressMap);
+ nodeConfig = hostName: { localAddress, hostAddress }: {
+ inherit localAddress hostAddress;
+
+ ephemeral = true;
+ autoStart = true;
+ privateNetwork = true;
+
+ config = { config, pkgs, ... }:
+ {
+ networking = {
+ inherit hostName extraHosts;
+ };
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ };
+ users.users.root.initialPassword = "root";
+
+ system.stateVersion = "22.11";
+
+ services.garage = {
+ enable = true;
+ logLevel = "debug";
+ settings.replication_mode = "3";
+ };
+
+ # Workaround for nixos-container issue
+ # (see https://github.com/NixOS/nixpkgs/issues/67265 and
+ # https://github.com/NixOS/nixpkgs/pull/81371#issuecomment-605526099).
+ # The etcd service is of type "notify", which means that
+ # etcd would not be considered started until etcd is fully online;
+ # however, since NixOS container networking only works sometime *after*
+ # multi-user.target, we forgo etcd's notification entirely.
+ systemd.services.etcd.serviceConfig.Type = lib.mkForce "exec";
+
+ systemd.services.etcd.serviceConfig.StandardOutput = "file:/var/log/etcd.log";
+ systemd.services.etcd.serviceConfig.StandardError = "file:/var/log/etcd.log";
+
+ networking.firewall.allowedTCPPorts = [ 2379 2380 ];
+ };
+ };
+in
+{
+ containers = lib.attrsets.mapAttrs nodeConfig addressMap;
+ networking = {
+ inherit extraHosts;
+ };
+}
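Review bot: Each container enables sshd with `permitRootLogin = "yes"` and `users.users.root.initialPassword = "root"`, so anything that can route to the 10.233.0.x addresses gets a root login with a guessable password; `privateNetwork = true` only confines that to the host's veth pairs as long as the host does not forward or NAT that range. This looks like a Jepsen harness that logs in as root, so I would at least add a comment above the openssh block such as `# Test-only credentials for the Jepsen control node; never expose these containers beyond the host.`, or switch to `users.users.root.openssh.authorizedKeys.keys` together with `permitRootLogin = "prohibit-password"`. Separately, the `systemd.services.etcd.*` overrides and `networking.firewall.allowedTCPPorts = [ 2379 2380 ]` appear to be carried over from an etcd setup: no etcd service is enabled in this file, and the ports Garage itself listens on are not opened, so the nodes may be unable to reach each other if the container firewall is active. The `unstable = import ./unstable.nix;` binding is also unused in the visible lines.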