diff options
author | Alex Auvolat <alex@adnab.me> | 2022-08-24 15:48:18 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-08-24 15:48:18 +0200 |
commit | 41128f4c36f79def480b8cb866205296d703f247 (patch) | |
tree | 1ffaf8cd67d528b0eb9ee7943119157e3efdcfb2 | |
parent | 981294e3d7a180a3c08f8173dc652b73b6e2bd07 (diff) | |
download | nixcfg-41128f4c36f79def480b8cb866205296d703f247.tar.gz nixcfg-41128f4c36f79def480b8cb866205296d703f247.zip |
Clone core module in staging and prod, move bad stuff to experimental
-rw-r--r-- | cluster/prod/app/core/deploy/core.hcl (renamed from app/core/deploy/core.hcl) | 0 | ||||
l--------- | cluster/prod/app/secretmgr.py | 1 | ||||
l--------- | cluster/prod/app/shell.nix | 1 | ||||
-rw-r--r-- | cluster/staging/app/core/deploy/core.hcl | 71 | ||||
l--------- | cluster/staging/app/secretmgr.py | 1 | ||||
l--------- | cluster/staging/app/shell.nix | 1 | ||||
-rw-r--r-- | experimental/bad.csi-s3/deploy/csi-s3.hcl (renamed from app/bad.csi-s3/deploy/csi-s3.hcl) | 0 | ||||
-rw-r--r-- | experimental/bad.csi-s3/deploy/dummy-volume.hcl (renamed from app/bad.csi-s3/deploy/dummy-volume.hcl) | 0 | ||||
-rw-r--r-- | experimental/bad.nextcloud/config/litestream.yml (renamed from app/bad.nextcloud/config/litestream.yml) | 0 | ||||
-rw-r--r-- | experimental/bad.nextcloud/deploy/nextcloud.hcl (renamed from app/bad.nextcloud/deploy/nextcloud.hcl) | 0 | ||||
-rw-r--r-- | experimental/bad.nextcloud/secrets/nextcloud/admin_pass (renamed from app/bad.nextcloud/secrets/nextcloud/admin_pass) | 0 | ||||
-rw-r--r-- | experimental/bad.nextcloud/secrets/nextcloud/admin_user (renamed from app/bad.nextcloud/secrets/nextcloud/admin_user) | 0 | ||||
-rw-r--r-- | experimental/bad.nextcloud/secrets/nextcloud/s3_access_key (renamed from app/bad.nextcloud/secrets/nextcloud/s3_access_key) | 0 | ||||
-rw-r--r-- | experimental/bad.nextcloud/secrets/nextcloud/s3_secret_key (renamed from app/bad.nextcloud/secrets/nextcloud/s3_secret_key) | 0 | ||||
-rw-r--r-- | experimental/bad.yugabyte/deploy/yugabyte.hcl (renamed from app/bad.yugabyte/deploy/yugabyte.hcl) | 0 | ||||
-rwxr-xr-x | secretmgr/secretmgr.py (renamed from app/secretmgr.py) | 0 | ||||
-rw-r--r-- | secretmgr/shell.nix (renamed from app/shell.nix) | 0 |
17 files changed, 75 insertions, 0 deletions
diff --git a/app/core/deploy/core.hcl b/cluster/prod/app/core/deploy/core.hcl index f57f21d..f57f21d 100644 --- a/app/core/deploy/core.hcl +++ b/cluster/prod/app/core/deploy/core.hcl diff --git a/cluster/prod/app/secretmgr.py b/cluster/prod/app/secretmgr.py new file mode 120000 index 0000000..107653c --- /dev/null +++ b/cluster/prod/app/secretmgr.py @@ -0,0 +1 @@ +../../../secretmgr/secretmgr.py
\ No newline at end of file diff --git a/cluster/prod/app/shell.nix b/cluster/prod/app/shell.nix new file mode 120000 index 0000000..b10effc --- /dev/null +++ b/cluster/prod/app/shell.nix @@ -0,0 +1 @@ +../../../secretmgr/shell.nix
\ No newline at end of file diff --git a/cluster/staging/app/core/deploy/core.hcl b/cluster/staging/app/core/deploy/core.hcl new file mode 100644 index 0000000..f57f21d --- /dev/null +++ b/cluster/staging/app/core/deploy/core.hcl @@ -0,0 +1,71 @@ +job "core" { + datacenters = ["dc1", "neptune"] + type = "system" + priority = 90 + + constraint { + attribute = "${attr.cpu.arch}" + value = "amd64" + } + + update { + max_parallel = 1 + stagger = "1m" + } + + group "network" { + task "diplonat" { + driver = "docker" + + config { + image = "lxpz/amd64_diplonat:3" + network_mode = "host" + readonly_rootfs = true + volumes = [ + "secrets:/etc/diplonat", + ] + } + + restart { + interval = "30m" + attempts = 2 + delay = "15s" + mode = "delay" + } + + template { + data = "{{ key \"secrets/consul/consul-ca.crt\" }}" + destination = "secrets/consul-ca.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.crt\" }}" + destination = "secrets/consul-client.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.key\" }}" + destination = "secrets/consul-client.key" + } + + template { + data = <<EOH +DIPLONAT_REFRESH_TIME=60 +DIPLONAT_EXPIRATION_TIME=300 +DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }} +DIPLONAT_CONSUL_URL=https://localhost:8501 +DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt +DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt +DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key +RUST_LOG=debug +EOH + destination = "secrets/env" + env = true + } + + resources { + memory = 40 + } + } + } +} diff --git a/cluster/staging/app/secretmgr.py b/cluster/staging/app/secretmgr.py new file mode 120000 index 0000000..107653c --- /dev/null +++ b/cluster/staging/app/secretmgr.py @@ -0,0 +1 @@ +../../../secretmgr/secretmgr.py
\ No newline at end of file diff --git a/cluster/staging/app/shell.nix b/cluster/staging/app/shell.nix new file mode 120000 index 0000000..b10effc --- /dev/null +++ b/cluster/staging/app/shell.nix @@ -0,0 +1 @@ +../../../secretmgr/shell.nix
\ No newline at end of file diff --git a/app/bad.csi-s3/deploy/csi-s3.hcl b/experimental/bad.csi-s3/deploy/csi-s3.hcl index 8e70c6a..8e70c6a 100644 --- a/app/bad.csi-s3/deploy/csi-s3.hcl +++ b/experimental/bad.csi-s3/deploy/csi-s3.hcl diff --git a/app/bad.csi-s3/deploy/dummy-volume.hcl b/experimental/bad.csi-s3/deploy/dummy-volume.hcl index 67dfd39..67dfd39 100644 --- a/app/bad.csi-s3/deploy/dummy-volume.hcl +++ b/experimental/bad.csi-s3/deploy/dummy-volume.hcl diff --git a/app/bad.nextcloud/config/litestream.yml b/experimental/bad.nextcloud/config/litestream.yml index 46eca93..46eca93 100644 --- a/app/bad.nextcloud/config/litestream.yml +++ b/experimental/bad.nextcloud/config/litestream.yml diff --git a/app/bad.nextcloud/deploy/nextcloud.hcl b/experimental/bad.nextcloud/deploy/nextcloud.hcl index 45d1b6e..45d1b6e 100644 --- a/app/bad.nextcloud/deploy/nextcloud.hcl +++ b/experimental/bad.nextcloud/deploy/nextcloud.hcl diff --git a/app/bad.nextcloud/secrets/nextcloud/admin_pass b/experimental/bad.nextcloud/secrets/nextcloud/admin_pass index ffc9830..ffc9830 100644 --- a/app/bad.nextcloud/secrets/nextcloud/admin_pass +++ b/experimental/bad.nextcloud/secrets/nextcloud/admin_pass diff --git a/app/bad.nextcloud/secrets/nextcloud/admin_user b/experimental/bad.nextcloud/secrets/nextcloud/admin_user index 7ff2967..7ff2967 100644 --- a/app/bad.nextcloud/secrets/nextcloud/admin_user +++ b/experimental/bad.nextcloud/secrets/nextcloud/admin_user diff --git a/app/bad.nextcloud/secrets/nextcloud/s3_access_key b/experimental/bad.nextcloud/secrets/nextcloud/s3_access_key index 692dc34..692dc34 100644 --- a/app/bad.nextcloud/secrets/nextcloud/s3_access_key +++ b/experimental/bad.nextcloud/secrets/nextcloud/s3_access_key diff --git a/app/bad.nextcloud/secrets/nextcloud/s3_secret_key b/experimental/bad.nextcloud/secrets/nextcloud/s3_secret_key index 8bef13c..8bef13c 100644 --- a/app/bad.nextcloud/secrets/nextcloud/s3_secret_key +++ b/experimental/bad.nextcloud/secrets/nextcloud/s3_secret_key diff --git a/app/bad.yugabyte/deploy/yugabyte.hcl b/experimental/bad.yugabyte/deploy/yugabyte.hcl index e7efa7a..e7efa7a 100644 --- a/app/bad.yugabyte/deploy/yugabyte.hcl +++ b/experimental/bad.yugabyte/deploy/yugabyte.hcl diff --git a/app/secretmgr.py b/secretmgr/secretmgr.py index 8b17f61..8b17f61 100755 --- a/app/secretmgr.py +++ b/secretmgr/secretmgr.py diff --git a/app/shell.nix b/secretmgr/shell.nix index c9b8053..c9b8053 100644 --- a/app/shell.nix +++ b/secretmgr/shell.nix |