authorAlex Auvolat <alex@adnab.me>2023-06-02 15:40:43 +0200
committerAlex Auvolat <alex@adnab.me>2023-06-02 15:40:43 +0200
commit14b59ba4b019799dc15d7a92faa8e89f1d7bf6f3 (patch)
treef63cef553bc6b4919e0ff23c84589a71f56d6d22
parentc31de0e94fed68cb25dbf15fc5a95008351b3e19 (diff)
màj config gitea
-rw-r--r--cluster/prod/app/core/deploy/bottin.hcl2
-rw-r--r--cluster/prod/app/core/deploy/d53.hcl40
-rw-r--r--cluster/prod/app/core/deploy/diplonat.hcl5
-rw-r--r--cluster/prod/app/core/deploy/tricot.hcl8
-rwxr-xr-xcluster/prod/register_external_services.sh18
-rw-r--r--cluster/prod/site/bespin.nix10
6 files changed, 75 insertions, 8 deletions
diff --git a/cluster/prod/app/core/deploy/bottin.hcl b/cluster/prod/app/core/deploy/bottin.hcl
index 40bb5af..a7d8694 100644
--- a/cluster/prod/app/core/deploy/bottin.hcl
+++ b/cluster/prod/app/core/deploy/bottin.hcl
@@ -1,4 +1,4 @@
-job "core:bottin" {
+job "core-bottin" {
datacenters = ["orion", "neptune", "scorpio"]
type = "system"
priority = 90
diff --git a/cluster/prod/app/core/deploy/d53.hcl b/cluster/prod/app/core/deploy/d53.hcl
index 8baf781..81a88ff 100644
--- a/cluster/prod/app/core/deploy/d53.hcl
+++ b/cluster/prod/app/core/deploy/d53.hcl
@@ -1,4 +1,4 @@
-job "core:d53" {
+job "core-d53" {
datacenters = ["neptune", "orion", "bespin"]
type = "service"
priority = 90
@@ -61,4 +61,42 @@ EOH
}
}
}
+
+ # Dummy task for Gitea (still on an external VM), runs on any bespin node
+ # and allows D53 to automatically update the A record for git.deuxfleurs.fr
+ # to the IPv4 address of the bespin site (that changes occasionnaly)
+ group "gitea-dummy" {
+ count = 1
+
+ network {
+ port "dummy" {
+ to = 999
+ }
+ }
+
+ task "main" {
+ driver = "docker"
+
+ constraint {
+ attribute = "${meta.site}"
+ operator = "="
+ value = "bespin"
+ }
+
+ config {
+ image = "alpine"
+ command = "sh"
+ args = ["-c", "while true; do echo x; sleep 60; done"]
+ ports = [ "dummy" ]
+ }
+
+ service {
+ name = "gitea-dummy"
+ port = "dummy"
+ tags = [
+ "d53-a git.deuxfleurs.fr",
+ ]
+ }
+ }
+ }
}
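Review bot: `image = "alpine"` in the new `gitea-dummy` task has no tag or digest, so each node pulls whatever `latest` resolves to at scheduling time, inside a job that runs at `priority = 90`. Pinning it, e.g. `image = "alpine:<pinned-version>@sha256:<digest>"` (placeholders), makes the content reproducible and reviewable. The loop also writes a line to the task log every minute that nothing reads; `args = ["-c", "while true; do sleep 3600; done"]` keeps the allocation alive without the output. The comment above the group could also say that nothing listens on port 999 and that the Consul service exists only to carry the `d53-a` tag.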
diff --git a/cluster/prod/app/core/deploy/diplonat.hcl b/cluster/prod/app/core/deploy/diplonat.hcl
index d6f8423..078e811 100644
--- a/cluster/prod/app/core/deploy/diplonat.hcl
+++ b/cluster/prod/app/core/deploy/diplonat.hcl
@@ -1,4 +1,4 @@
-job "core:diplonat" {
+job "core-diplonat" {
datacenters = ["orion", "neptune", "scorpio", "bespin"]
type = "system"
priority = 90
@@ -53,9 +53,6 @@ DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501
DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true
DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
-{{ if env "meta.site" | eq "bespin" }}
-DIPLONAT_IPV6_ONLY=true
-{{ end }}
RUST_LOG=debug
EOH
destination = "secrets/env"
diff --git a/cluster/prod/app/core/deploy/tricot.hcl b/cluster/prod/app/core/deploy/tricot.hcl
index 7c3bada..6640dec 100644
--- a/cluster/prod/app/core/deploy/tricot.hcl
+++ b/cluster/prod/app/core/deploy/tricot.hcl
@@ -1,5 +1,9 @@
-job "core:tricot" {
- datacenters = ["orion", "neptune", "scorpio", "bespin"]
+job "core-tricot" {
+ # bespin pas pour l'instant, on a des soucis de SSL avec gitea
+ # on pourra mettre bespin quand on aura migré gitea de la vm vers le cluster
+ # en attendant, les deux ne sont pas capables de partager les certificats SSL
+ # donc on laisse la VM gitea gérer les certifs et prendre tout le trafic http(s)
+ datacenters = ["orion", "neptune", "scorpio"]
type = "system"
priority = 90
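Review bot: The job is renamed in the same change that drops `bespin` from `datacenters`, and Nomad treats a new job name as a new job, so the previously registered `core:tricot` system job will presumably keep its allocations on bespin nodes until it is stopped by hand. If so, deploying this file alone does not apply the exclusion the comment describes; a line such as `# after deploying, stop and purge the old "core:tricot" job` in the comment block would record the step. The same applies to the `core-bottin`, `core-d53` and `core-diplonat` renames in this commit. The job body continues outside the hunk.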
diff --git a/cluster/prod/register_external_services.sh b/cluster/prod/register_external_services.sh
index 3b6a35e..7db4e7a 100755
--- a/cluster/prod/register_external_services.sh
+++ b/cluster/prod/register_external_services.sh
@@ -60,6 +60,24 @@ curl -vv -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: app
}
EOF
+curl -vv -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: application/json" --data @- <<EOF
+{
+ "Datacenter": "prod",
+ "Node": "lindy",
+ "Address": "192.168.1.184",
+ "NodeMeta": {
+ "site": "neptune",
+ "cname_target": "neptune.site.deuxfleurs.fr."
+ },
+ "Service": {
+ "Service": "lx-apimtest",
+ "Tags": ["tricot apimtest.adnab.me"],
+ "Address": "192.168.1.184",
+ "Port": 8920
+ }
+}
+EOF
+
curl -vv -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: application/json" --data @- <<EOF
{
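Review bot: The added block registers `lx-apimtest`, which by its name looks like a test service, in the `prod` catalog with a `tricot apimtest.adnab.me` tag, so it will presumably be published by the production reverse proxy like the other entries. A comment above the `curl` saying who owns it and when it can be removed would help, e.g. `# temporary: test backend on lindy, remove after <date/owner>`. The call also uses `curl -vv` without `--fail`, so an HTTP error from Consul does not change the exit status; adding `--fail` makes a rejected registration visible. The script continues outside the hunk, so whether it runs under `set -e` cannot be seen here.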
diff --git a/cluster/prod/site/bespin.nix b/cluster/prod/site/bespin.nix
index cdce53e..57812a1 100644
--- a/cluster/prod/site/bespin.nix
+++ b/cluster/prod/site/bespin.nix
@@ -4,4 +4,14 @@
deuxfleurs.siteName = "bespin";
deuxfleurs.staticIPv4.defaultGateway = "192.168.5.254";
deuxfleurs.cnameTarget = "bespin.site.deuxfleurs.fr.";
+
+ # Allow all ports from gateway for janky UPnP/IGD daemon
+ # networking.firewall = {
+ # extraCommands = ''
+ # iptables -A INPUT -s ${cfg.staticIPv4.defaultGateway} -p udp -j ACCEPT
+ # '';
+ # extraStopCommands = ''
+ # iptables -D INPUT -s ${cfg.staticIPv4.defaultGateway} -p udp -j ACCEPT
+ # '';
+ # };
}
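Review bot: The added firewall block is committed commented out, and if enabled as written it accepts every UDP packet from the gateway address on all ports, which is wider than a UPnP/IGD reply path needs. If it is kept for later, the comment should say why it is disabled, and the rule should be narrowed (for example by source port or connection state) before it is turned on. The `iptables -D` line in `extraStopCommands` should end in `|| true`, since the stop commands also run when the rule is not present: `iptables -D INPUT -s ${cfg.staticIPv4.defaultGateway} -p udp -j ACCEPT || true`. `cfg` is not defined in the visible lines, so confirm it is bound in this file.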