author | Alex Auvolat <alex@adnab.me> | 2023-04-20 15:13:13 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2023-04-20 15:13:13 +0200 |
commit | b4e82e37e4e1718dfffa70cd0c6222c1b34fc997 (patch) | |
tree | fa328238ba779da3189905630ff30127c6c38467 | |
parent | e5f9f3c8495a8f0e6b9c46b56d207b57aad3ec3d (diff) | |
diplonat with fixed iptables thing
-rw-r--r-- | cluster/staging/app/core/deploy/d53.hcl (renamed from cluster/staging/app/core/deploy/core-service.hcl) | 2 | ||||
-rw-r--r-- | cluster/staging/app/core/deploy/diplonat.hcl | 75 | ||||
-rw-r--r-- | cluster/staging/app/core/deploy/tricot.hcl (renamed from cluster/staging/app/core/deploy/core-system.hcl) | 60 |
3 files changed, 78 insertions, 59 deletions
diff --git a/cluster/staging/app/core/deploy/core-service.hcl b/cluster/staging/app/core/deploy/d53.hcl
index bf835c7..5d57eb3 100644
--- a/cluster/staging/app/core/deploy/core-service.hcl
+++ b/cluster/staging/app/core/deploy/d53.hcl
@@ -1,4 +1,4 @@
-job "core-service" {
+job "core:d53" {
 datacenters = ["neptune", "jupiter", "corrin", "bespin"]
 type = "service"
 priority = 90
diff --git a/cluster/staging/app/core/deploy/diplonat.hcl b/cluster/staging/app/core/deploy/diplonat.hcl
new file mode 100644
index 0000000..ba1e4b5
--- /dev/null
+++ b/cluster/staging/app/core/deploy/diplonat.hcl
@@ -0,0 +1,75 @@
+job "core:diplonat" {
+ datacenters = ["neptune", "jupiter", "corrin", "bespin"]
+ type = "system"
+ priority = 90
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ update {
+ max_parallel = 3
+ stagger = "20s"
+ }
+
+ group "diplonat" {
+ task "diplonat" {
+ driver = "nix2"
+
+ config {
+ packages = [
+ "#iptables",
+ "#bash",
+ "#coreutils",
+ "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=stun&rev=f5fc635b75dfa17b83a8db4893a7be206b4f9892"
+ ]
+ command = "diplonat"
+ }
+ user = "root"
+
+ restart {
+ interval = "30m"
+ attempts = 2
+ delay = "15s"
+ mode = "delay"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+ destination = "etc/diplonat/consul-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "etc/diplonat/consul-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "etc/diplonat/consul-client.key"
+ }
+
+ template {
+ data = <<EOH
+DIPLONAT_REFRESH_TIME=60
+DIPLONAT_EXPIRATION_TIME=300
+DIPLONAT_IPV6_ONLY=true
+DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
+DIPLONAT_CONSUL_URL=https://localhost:8501
+DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
+DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
+DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
+RUST_LOG=debug
+RUST_BACKTRACE=1
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 100
+ }
+ }
+ }
+}
diff --git a/cluster/staging/app/core/deploy/core-system.hcl b/cluster/staging/app/core/deploy/tricot.hcl
index 1d3eb84..7547a53 100644
--- a/cluster/staging/app/core/deploy/core-system.hcl
+++ b/cluster/staging/app/core/deploy/tricot.hcl
@@ -1,4 +1,4 @@
-job "core-system" {
+job "core:tricot" {
 datacenters = ["neptune", "jupiter", "corrin", "bespin"]
 type = "system"
 priority = 90
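Review bot: The third `template` block in the new diplonat.hcl renders the Consul client private key to `etc/diplonat/consul-client.key` with no `perms` setting, so it gets Nomad's default template mode of 0644 and lands outside the task's `secrets/` directory. I would add `perms = "600"` to that block; rendering the key under `secrets/` and pointing `DIPLONAT_CONSUL_CLIENT_KEY` there is the stronger option, but how the nix2 driver maps `secrets/` into the task's root is not visible in this diff and would need checking first. The block is carried over unchanged from core-system.hcl, so this is not a regression, but the split into a dedicated job is a natural point to tighten it. A one-line comment above `user = "root"`, such as `# root is required for the iptables calls diplonat makes`, would also record why the task cannot run unprivileged (presumably that is the reason; confirm before writing it down).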
@@ -13,63 +13,6 @@ job "core-system" {
 stagger = "1m"
 }
 
- group "diplonat" {
- task "diplonat" {
- driver = "nix2"
-
- config {
- packages = [
- "#iptables",
- "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=stun&rev=21ab77b8288630c5f39a30b098c6a3888df622a1"
- ]
- command = "diplonat"
- }
- user = "root"
-
- restart {
- interval = "30m"
- attempts = 2
- delay = "15s"
- mode = "delay"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
- destination = "etc/diplonat/consul-ca.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.crt\" }}"
- destination = "etc/diplonat/consul-client.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.key\" }}"
- destination = "etc/diplonat/consul-client.key"
- }
-
- template {
- data = <<EOH
-DIPLONAT_REFRESH_TIME=60
-DIPLONAT_EXPIRATION_TIME=300
-DIPLONAT_IPV6_ONLY=true
-DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
-DIPLONAT_CONSUL_URL=https://localhost:8501
-DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
-DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
-DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
-RUST_LOG=debug
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 100
- }
- }
- }
-
 group "tricot" {
 network {
 port "http_port" { static = 80 }
@@ -129,6 +72,7 @@ TRICOT_HTTP_BIND_ADDR=[::]:80
 TRICOT_HTTPS_BIND_ADDR=[::]:443
 TRICOT_METRICS_BIND_ADDR=[::]:9334
 RUST_LOG=tricot=debug
+RUST_BACKTRACE=1
 EOH
 destination = "secrets/env"
 env = true |