Merge pull request 'Simplify network configuration' (#11) from simplify-network-config into main

Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/11

5 files changed, 87 insertions, 66 deletions

diff --git a/cluster/staging/app/core/deploy/core-service.hcl b/cluster/staging/app/core/deploy/d53.hcl
index 6799e01..fb1c1bf 100644
--- a/cluster/staging/app/core/deploy/core-service.hcl
+++ b/cluster/staging/app/core/deploy/d53.hcl
@@ -1,4 +1,4 @@
-job "core-service" {
+job "core:d53" {
   datacenters = ["neptune", "jupiter", "corrin", "bespin"]
   type = "service"
   priority = 90
@@ -11,7 +11,7 @@ job "core-service" {
 
       config {
         packages = [
-          "git+https://git.deuxfleurs.fr/lx/D53.git?ref=main&rev=86c255dfeabc60b0ef46ff78bc487c61c9548c79"
+          "git+https://git.deuxfleurs.fr/lx/D53.git?ref=diplonat-autodiscovery&rev=49d94dae1d753c1f3349be7ea9bc7e7978c0af15"
         ]
         command = "d53"
       }
@@ -52,7 +52,7 @@ D53_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
 D53_PROVIDERS=deuxfleurs.org:gandi
 D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
 D53_ALLOWED_DOMAINS=staging.deuxfleurs.org
-RUST_LOG=d53=info
+RUST_LOG=d53=debug
 EOH
         destination = "secrets/env"
         env = true
diff --git a/cluster/staging/app/core/deploy/diplonat.hcl b/cluster/staging/app/core/deploy/diplonat.hcl
new file mode 100644
index 0000000..ba1e4b5
--- /dev/null
+++ b/cluster/staging/app/core/deploy/diplonat.hcl
@@ -0,0 +1,75 @@
+job "core:diplonat" {
+  datacenters = ["neptune", "jupiter", "corrin", "bespin"]
+  type = "system"
+  priority = 90
+
+  constraint {
+    attribute = "${attr.cpu.arch}"
+    value     = "amd64"
+  }
+
+  update {
+    max_parallel     = 3
+    stagger = "20s"
+  }
+
+  group "diplonat" {
+    task "diplonat" {
+      driver = "nix2"
+
+      config {
+        packages = [
+          "#iptables",
+		  "#bash",
+		  "#coreutils",
+          "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=stun&rev=f5fc635b75dfa17b83a8db4893a7be206b4f9892"
+        ]
+        command = "diplonat"
+      }
+      user = "root"
+
+      restart {
+        interval = "30m"
+        attempts = 2
+        delay    = "15s"
+        mode     = "delay"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+        destination = "etc/diplonat/consul-ca.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+        destination = "etc/diplonat/consul-client.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-client.key\" }}"
+        destination = "etc/diplonat/consul-client.key"
+      }
+
+      template {
+        data = <<EOH
+DIPLONAT_REFRESH_TIME=60
+DIPLONAT_EXPIRATION_TIME=300
+DIPLONAT_IPV6_ONLY=true
+DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
+DIPLONAT_CONSUL_URL=https://localhost:8501
+DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
+DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
+DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
+RUST_LOG=debug
+RUST_BACKTRACE=1
+EOH
+        destination = "secrets/env"
+        env = true
+      }
+
+      resources {
+        memory = 100
+      }
+    }
+  }
+}
diff --git a/cluster/staging/app/core/deploy/core-system.hcl b/cluster/staging/app/core/deploy/tricot.hcl
index 05fa0f2..7547a53 100644
--- a/cluster/staging/app/core/deploy/core-system.hcl
+++ b/cluster/staging/app/core/deploy/tricot.hcl
@@ -1,4 +1,4 @@
-job "core-system" {
+job "core:tricot" {
   datacenters = ["neptune", "jupiter", "corrin", "bespin"]
   type = "system"
   priority = 90
@@ -13,64 +13,6 @@ job "core-system" {
     stagger = "1m"
   }
 
-/*
-  group "diplonat" {
-    task "diplonat" {
-      driver = "nix2"
-
-      config {
-        packages = [
-          "#iptables",
-          "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=f306e8dc8d0e93478353ce39b6064e8c06a8bca6"
-        ]
-        command = "diplonat"
-      }
-      user = "root"
-
-      restart {
-        interval = "30m"
-        attempts = 2
-        delay    = "15s"
-        mode     = "delay"
-      }
-
-      template {
-        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
-        destination = "etc/diplonat/consul-ca.crt"
-      }
-
-      template {
-        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
-        destination = "etc/diplonat/consul-client.crt"
-      }
-
-      template {
-        data = "{{ key \"secrets/consul/consul-client.key\" }}"
-        destination = "etc/diplonat/consul-client.key"
-      }
-
-      template {
-        data = <<EOH
-DIPLONAT_REFRESH_TIME=60
-DIPLONAT_EXPIRATION_TIME=300
-DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
-DIPLONAT_CONSUL_URL=https://localhost:8501
-DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
-DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
-DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
-RUST_LOG=debug
-EOH
-        destination = "secrets/env"
-        env = true
-      }
-
-      resources {
-        memory = 40
-      }
-    }
-  }
-  */
-
   group "tricot" {
     network {
       port "http_port" { static = 80 }
@@ -130,6 +72,7 @@ TRICOT_HTTP_BIND_ADDR=[::]:80
 TRICOT_HTTPS_BIND_ADDR=[::]:443
 TRICOT_METRICS_BIND_ADDR=[::]:9334
 RUST_LOG=tricot=debug
+RUST_BACKTRACE=1
 EOH
         destination = "secrets/env"
         env = true
@@ -141,7 +84,7 @@ EOH
         tags = [
           "d53-aaaa ${meta.site}.site.staging.deuxfleurs.org",
           "d53-aaaa staging.deuxfleurs.org",
-          # "(diplonat (tcp_port 80))"
+          "(diplonat (tcp_port 80))"
         ]
         address_mode = "host"
       }
@@ -150,7 +93,7 @@ EOH
         name = "tricot-https"
         port = "https_port"
         tags = [
-          # "(diplonat (tcp_port 443))"
+          "(diplonat (tcp_port 443))"
         ]
         address_mode = "host"
       }
diff --git a/cluster/staging/app/garage/config/garage.toml b/cluster/staging/app/garage/config/garage.toml
index f14a602..26e0361 100644
--- a/cluster/staging/app/garage/config/garage.toml
+++ b/cluster/staging/app/garage/config/garage.toml
@@ -6,8 +6,10 @@ db_engine = "lmdb"
 
 replication_mode = "3"
 
-rpc_bind_addr = "[{{ env "meta.public_ipv6" }}]:3991"
-rpc_public_addr = "[{{ env "meta.public_ipv6" }}]:3991"
+{{ with $a := env "attr.unique.hostname" | printf "diplonat/autodiscovery/ipv6/%s" | key | parseJSON }}
+rpc_bind_addr = "[{{ $a.address }}]:3991"
+rpc_public_addr = "[{{ $a.address }}]:3991"
+{{ end }}
 rpc_secret = "{{ key "secrets/garage-staging/rpc_secret" | trimSpace }}"
 
 bootstrap_peers = []
diff --git a/cluster/staging/app/garage/deploy/garage.hcl b/cluster/staging/app/garage/deploy/garage.hcl
index 6e37d82..1fc969b 100644
--- a/cluster/staging/app/garage/deploy/garage.hcl
+++ b/cluster/staging/app/garage/deploy/garage.hcl
@@ -25,6 +25,7 @@ job "garage-staging" {
       config {
         packages = [
           "#bash", # so that we can enter a shell inside container
+          "#coreutils",
           "git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=0d0906b066eb76111f3b427dce1c50eac083366c",
         ]
         command = "garage"