author | Alex Auvolat <alex@adnab.me> | 2022-12-07 16:35:21 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-12-07 16:35:21 +0100 |
commit | 4c50dd57f1312f7541cd5b38dc4606d352e5e13a (patch) | |
tree | 9786b9c1c503007b968523c1abb00738ff588b62 /cluster/staging | |
parent | ab97a7bffd9b369bb55220b4542de3ccddda5803 (diff) | |
staging: reorganize core services and add D53
Diffstat (limited to 'cluster/staging')
-rw-r--r-- | cluster/staging/app/core/deploy/core-service.hcl | 62 | ||||
-rw-r--r-- | cluster/staging/app/core/deploy/core-system.hcl (renamed from cluster/staging/app/frontend/deploy/frontend-tricot.hcl) | 83 | ||||
-rw-r--r-- | cluster/staging/app/core/deploy/core.hcl | 71 | ||||
-rw-r--r-- | cluster/staging/app/directory/deploy/directory.hcl | 2 | ||||
-rw-r--r-- | cluster/staging/app/telemetry/deploy/telemetry.hcl | 6 |
5 files changed, 143 insertions, 81 deletions
diff --git a/cluster/staging/app/core/deploy/core-service.hcl b/cluster/staging/app/core/deploy/core-service.hcl
new file mode 100644
index 0000000..3f4b343
--- /dev/null
+++ b/cluster/staging/app/core/deploy/core-service.hcl
@@ -0,0 +1,62 @@
+job "core-service" {
+ datacenters = ["neptune"]
+ type = "service"
+ priority = 90
+
+ group "D53" {
+ count = 1
+
+ task "d53" {
+ driver = "nix2"
+
+ config {
+ packages = [
+ "git+https://git.deuxfleurs.fr/lx/D53.git?ref=main&rev=ed2653ae7dba9c072dcca1aed03b7cda0d910c85"
+ ]
+ command = "d53"
+ }
+
+ resources {
+ cpu = 100
+ memory = 100
+ }
+
+ restart {
+ interval = "3m"
+ attempts = 10
+ delay = "15s"
+ mode = "delay"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+ destination = "etc/tricot/consul-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "etc/tricot/consul-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "etc/tricot/consul-client.key"
+ }
+
+ template {
+ data = <<EOH
+D53_CONSUL_HOST=https://localhost:8501
+D53_CONSUL_CA_CERT=/etc/tricot/consul-ca.crt
+D53_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
+D53_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
+D53_PROVIDER=gandi
+D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
+D53_ALLOWED_DOMAINS=staging.deuxfleurs.org
+RUST_LOG=d53=info
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+ }
+ }
+}
diff --git a/cluster/staging/app/frontend/deploy/frontend-tricot.hcl b/cluster/staging/app/core/deploy/core-system.hcl
index 49d5672..eb34008 100644
--- a/cluster/staging/app/frontend/deploy/frontend-tricot.hcl
+++ b/cluster/staging/app/core/deploy/core-system.hcl
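Review bot: In the new `d53` task of `core-service.hcl`, the Consul client private key is rendered to `etc/tricot/consul-client.key`, outside the task's `secrets/` directory and with the template's default file mode, whereas the Gandi API key in the same task goes to `secrets/env`. Rendering the key under `secrets/` would keep it out of the browsable allocation filesystem: `destination = "secrets/consul-client.key"` with `D53_CONSUL_CLIENT_KEY=/secrets/consul-client.key` (assuming the nix2 driver exposes the secrets directory at `/secrets`, which this page does not show), plus a tighter `perms` than the default if the user the task runs as can still read the file. The `etc/tricot/` path also looks carried over from the tricot task and could be named after d53. The `diplonat` task in `core-system.hcl` renders its client key to `etc/diplonat/consul-client.key` in the same way.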
@@ -1,14 +1,75 @@ -job "frontend" { +job "core-system" { datacenters = ["neptune"] - type = "service" + type = "system" priority = 90 - group "tricot" { - constraint { - attribute = "${attr.unique.hostname}" - value = "caribou" + constraint { + attribute = "${attr.cpu.arch}" + value = "amd64" + } + + update { + max_parallel = 1 + stagger = "1m" + } + + group "diplonat" { + task "diplonat" { + driver = "nix2" + + config { + packages = [ + "#iptables", + "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=f306e8dc8d0e93478353ce39b6064e8c06a8bca6" + ] + command = "diplonat" + } + user = "root" + + restart { + interval = "30m" + attempts = 2 + delay = "15s" + mode = "delay" + } + + template { + data = "{{ key \"secrets/consul/consul-ca.crt\" }}" + destination = "etc/diplonat/consul-ca.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.crt\" }}" + destination = "etc/diplonat/consul-client.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.key\" }}" + destination = "etc/diplonat/consul-client.key" + } + + template { + data = <<EOH +DIPLONAT_REFRESH_TIME=60 +DIPLONAT_EXPIRATION_TIME=300 +DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }} +DIPLONAT_CONSUL_URL=https://localhost:8501 +DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt +DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt +DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key +RUST_LOG=debug +EOH + destination = "secrets/env" + env = true + } + + resources { + memory = 40 + } } + } + group "tricot" { network { port "http_port" { static = 80 } port "https_port" { static = 443 } 
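Review bot: With `type = "system"` and the `caribou` hostname constraint removed from `group "tricot"`, the group and its static ports 80 and 443 will be placed on every amd64 client in `neptune` rather than on one designated front-end node. If only some nodes are meant to terminate public traffic, keep a constraint on the group; otherwise a comment above `group "tricot"` stating that every node is an intended front end would make the wider exposure explicit. Separately, the moved `diplonat` task runs as root with `RUST_LOG=debug`; `RUST_LOG=diplonat=info`, in the style of the D53 task's `d53=info`, would be a quieter default for a long-running privileged task. The `tricot` group continues outside this hunk.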
@@ -75,14 +136,20 @@ EOH service { name = "tricot-http" port = "http_port" - /* tags = [ "(diplonat (tcp_port 80))" ] */ + tags = [ + "d53-aaaa deuxfleurs.org ${meta.site}.site.staging", + "d53-aaaa deuxfleurs.org staging", + # "(diplonat (tcp_port 80))" + ] address_mode = "host" } service { name = "tricot-https" port = "https_port" - /* tags = [ "(diplonat (tcp_port 443))" ] */ + tags = [ + # "(diplonat (tcp_port 443))" + ] address_mode = "host" } diff --git a/cluster/staging/app/core/deploy/core.hcl b/cluster/staging/app/core/deploy/core.hcl deleted file mode 100644 index e604c24..0000000 --- a/cluster/staging/app/core/deploy/core.hcl +++ /dev/null 
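Review bot: The new tag `"d53-aaaa deuxfleurs.org ${meta.site}.site.staging"` on `tricot-http` depends on every client that runs this system job having `meta.site` set, and nothing visible here enforces that. A client without the key would likely register a tag with an empty or uninterpolated site label, which D53 may then try to publish. A group-level constraint on `${meta.site}` with `operator = "is_set"` would keep such nodes from advertising a record. The `tricot-https` block now has a `tags` list that holds only a comment; leaving the attribute out until the diplonat tag is enabled would read more clearly.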
@@ -1,71 +0,0 @@ -job "core" { - datacenters = ["dc1", "neptune"] - type = "system" - priority = 90 - - constraint { - attribute = "${attr.cpu.arch}" - value = "amd64" - } - - update { - max_parallel = 1 - stagger = "1m" - } - - group "network" { - task "diplonat" { - driver = "nix2" - - config { - packages = [ - "#iptables", - "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=f306e8dc8d0e93478353ce39b6064e8c06a8bca6" - ] - command = "diplonat" - } - user = "root" - - restart { - interval = "30m" - attempts = 2 - delay = "15s" - mode = "delay" - } - - template { - data = "{{ key \"secrets/consul/consul-ca.crt\" }}" - destination = "etc/diplonat/consul-ca.crt" - } - - template { - data = "{{ key \"secrets/consul/consul-client.crt\" }}" - destination = "etc/diplonat/consul-client.crt" - } - - template { - data = "{{ key \"secrets/consul/consul-client.key\" }}" - destination = "etc/diplonat/consul-client.key" - } - - template { - data = <<EOH -DIPLONAT_REFRESH_TIME=60 -DIPLONAT_EXPIRATION_TIME=300 -DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }} -DIPLONAT_CONSUL_URL=https://localhost:8501 -DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt -DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt -DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key -RUST_LOG=debug -EOH - destination = "secrets/env" - env = true - } - - resources { - memory = 40 - } - } - } -} diff --git a/cluster/staging/app/directory/deploy/directory.hcl b/cluster/staging/app/directory/deploy/directory.hcl index 7c597fa..d25a081 100644 --- a/cluster/staging/app/directory/deploy/directory.hcl +++ b/cluster/staging/app/directory/deploy/directory.hcl @@ -111,8 +111,8 @@ EOH name = "guichet" tags = [ "guichet", - "tricot guichet-staging.home.adnab.me", "tricot guichet.staging.deuxfleurs.org", + "d53-cname deuxfleurs.org guichet.staging", ] port = "web_port" check { 
diff --git a/cluster/staging/app/telemetry/deploy/telemetry.hcl b/cluster/staging/app/telemetry/deploy/telemetry.hcl index da0a3c6..7ee289d 100644 --- a/cluster/staging/app/telemetry/deploy/telemetry.hcl +++ b/cluster/staging/app/telemetry/deploy/telemetry.hcl @@ -156,6 +156,7 @@ job "telemetry" { tags = [ "grafana", "tricot grafana.staging.deuxfleurs.org", + "d53-cname deuxfleurs.org grafana.staging", ] port = "grafana" check { @@ -237,7 +238,10 @@ EOH port = "jaeger-frontend" address_mode = "host" name = "jaeger-frontend" - tags = [ "tricot jaeger.staging.deuxfleurs.org" ] + tags = [ + "tricot jaeger.staging.deuxfleurs.org", + "d53-cname deuxfleurs.org jaeger.staging", + ] check { type = "tcp" port = "jaeger-frontend" |