Clone core module in staging and prod, move bad stuff to experimental

17 files changed, 75 insertions, 0 deletions

diff --git a/app/core/deploy/core.hcl b/cluster/prod/app/core/deploy/core.hcl
index f57f21d..f57f21d 100644
--- a/app/core/deploy/core.hcl
+++ b/cluster/prod/app/core/deploy/core.hcl
diff --git a/cluster/prod/app/secretmgr.py b/cluster/prod/app/secretmgr.py
new file mode 120000
index 0000000..107653c
--- /dev/null
+++ b/cluster/prod/app/secretmgr.py
@@ -0,0 +1 @@
+../../../secretmgr/secretmgr.py
\ No newline at end of file
diff --git a/cluster/prod/app/shell.nix b/cluster/prod/app/shell.nix
new file mode 120000
index 0000000..b10effc
--- /dev/null
+++ b/cluster/prod/app/shell.nix
@@ -0,0 +1 @@
+../../../secretmgr/shell.nix
\ No newline at end of file
diff --git a/cluster/staging/app/core/deploy/core.hcl b/cluster/staging/app/core/deploy/core.hcl
new file mode 100644
index 0000000..f57f21d
--- /dev/null
+++ b/cluster/staging/app/core/deploy/core.hcl
@@ -0,0 +1,71 @@
+job "core" {
+  datacenters = ["dc1", "neptune"]
+  type = "system"
+  priority = 90
+
+  constraint {
+    attribute = "${attr.cpu.arch}"
+    value     = "amd64"
+  }
+
+  update {
+    max_parallel     = 1
+    stagger = "1m"
+  }
+
+  group "network" {
+    task "diplonat" {
+      driver = "docker"
+
+      config {
+        image = "lxpz/amd64_diplonat:3"
+        network_mode = "host"
+        readonly_rootfs = true
+        volumes = [
+          "secrets:/etc/diplonat",
+        ]
+      }
+
+      restart {
+        interval = "30m"
+        attempts = 2
+        delay    = "15s"
+        mode     = "delay"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+        destination = "secrets/consul-ca.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+        destination = "secrets/consul-client.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-client.key\" }}"
+        destination = "secrets/consul-client.key"
+      }
+
+      template {
+        data = <<EOH
+DIPLONAT_REFRESH_TIME=60
+DIPLONAT_EXPIRATION_TIME=300
+DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
+DIPLONAT_CONSUL_URL=https://localhost:8501
+DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
+DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
+DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
+RUST_LOG=debug
+EOH
+        destination = "secrets/env"
+        env = true
+      }
+
+      resources {
+        memory = 40
+      }
+    }
+  }
+}
diff --git a/cluster/staging/app/secretmgr.py b/cluster/staging/app/secretmgr.py
new file mode 120000
index 0000000..107653c
--- /dev/null
+++ b/cluster/staging/app/secretmgr.py
@@ -0,0 +1 @@
+../../../secretmgr/secretmgr.py
\ No newline at end of file
diff --git a/cluster/staging/app/shell.nix b/cluster/staging/app/shell.nix
new file mode 120000
index 0000000..b10effc
--- /dev/null
+++ b/cluster/staging/app/shell.nix
@@ -0,0 +1 @@
+../../../secretmgr/shell.nix
\ No newline at end of file
diff --git a/app/bad.csi-s3/deploy/csi-s3.hcl b/experimental/bad.csi-s3/deploy/csi-s3.hcl
index 8e70c6a..8e70c6a 100644
--- a/app/bad.csi-s3/deploy/csi-s3.hcl
+++ b/experimental/bad.csi-s3/deploy/csi-s3.hcl
diff --git a/app/bad.csi-s3/deploy/dummy-volume.hcl b/experimental/bad.csi-s3/deploy/dummy-volume.hcl
index 67dfd39..67dfd39 100644
--- a/app/bad.csi-s3/deploy/dummy-volume.hcl
+++ b/experimental/bad.csi-s3/deploy/dummy-volume.hcl
diff --git a/app/bad.nextcloud/config/litestream.yml b/experimental/bad.nextcloud/config/litestream.yml
index 46eca93..46eca93 100644
--- a/app/bad.nextcloud/config/litestream.yml
+++ b/experimental/bad.nextcloud/config/litestream.yml
diff --git a/app/bad.nextcloud/deploy/nextcloud.hcl b/experimental/bad.nextcloud/deploy/nextcloud.hcl
index 45d1b6e..45d1b6e 100644
--- a/app/bad.nextcloud/deploy/nextcloud.hcl
+++ b/experimental/bad.nextcloud/deploy/nextcloud.hcl
diff --git a/app/bad.nextcloud/secrets/nextcloud/admin_pass b/experimental/bad.nextcloud/secrets/nextcloud/admin_pass
index ffc9830..ffc9830 100644
--- a/app/bad.nextcloud/secrets/nextcloud/admin_pass
+++ b/experimental/bad.nextcloud/secrets/nextcloud/admin_pass
diff --git a/app/bad.nextcloud/secrets/nextcloud/admin_user b/experimental/bad.nextcloud/secrets/nextcloud/admin_user
index 7ff2967..7ff2967 100644
--- a/app/bad.nextcloud/secrets/nextcloud/admin_user
+++ b/experimental/bad.nextcloud/secrets/nextcloud/admin_user
diff --git a/app/bad.nextcloud/secrets/nextcloud/s3_access_key b/experimental/bad.nextcloud/secrets/nextcloud/s3_access_key
index 692dc34..692dc34 100644
--- a/app/bad.nextcloud/secrets/nextcloud/s3_access_key
+++ b/experimental/bad.nextcloud/secrets/nextcloud/s3_access_key
diff --git a/app/bad.nextcloud/secrets/nextcloud/s3_secret_key b/experimental/bad.nextcloud/secrets/nextcloud/s3_secret_key
index 8bef13c..8bef13c 100644
--- a/app/bad.nextcloud/secrets/nextcloud/s3_secret_key
+++ b/experimental/bad.nextcloud/secrets/nextcloud/s3_secret_key
diff --git a/app/bad.yugabyte/deploy/yugabyte.hcl b/experimental/bad.yugabyte/deploy/yugabyte.hcl
index e7efa7a..e7efa7a 100644
--- a/app/bad.yugabyte/deploy/yugabyte.hcl
+++ b/experimental/bad.yugabyte/deploy/yugabyte.hcl
diff --git a/app/secretmgr.py b/secretmgr/secretmgr.py
index 8b17f61..8b17f61 100755
--- a/app/secretmgr.py
+++ b/secretmgr/secretmgr.py
diff --git a/app/shell.nix b/secretmgr/shell.nix
index c9b8053..c9b8053 100644
--- a/app/shell.nix
+++ b/secretmgr/shell.nix