Replace ad-hoc wireguard by wesher on staging cluster

author: Alex Auvolat <alex@adnab.me> 2022-04-20 18:04:57 +0200
committer: Alex Auvolat <alex@adnab.me> 2022-04-20 18:04:57 +0200
commit: 10d370491e07223c54009feb9330a9c662fe3b79 (patch)
tree: 733d85ba8fdee09eb6a6707e367276c0db8a80a6 /cluster
parent: 04f2bd48bb3d9a33e36409b8eddbad05e21807c1 (diff)
download: nixcfg-10d370491e07223c54009feb9330a9c662fe3b79.tar.gz
nixcfg-10d370491e07223c54009feb9330a9c662fe3b79.zip
5 files changed, 25 insertions, 84 deletions
diff --git a/cluster/staging/cluster.nix b/cluster/staging/cluster.nix
index 79fb3fb..5007815 100644
--- a/cluster/staging/cluster.nix
+++ b/cluster/staging/cluster.nix
@@ -2,65 +2,26 @@
 
 {
   deuxfleurs.cluster_name = "staging";
-  deuxfleurs.cluster_nodes = [
-    {
-      hostname = "spoutnik";
-      site_name = "pluton";
-      publicKey = "fO8qZOZmnug84cA8nvfjl5MUqyWljP0BAz/4tHRZyEg=";
-      IP = "10.42.2.2";
-      endpoint = "77.141.67.109:42136";
-    }
-    { 
-      hostname = "cariacou";
-      site_name = "neptune";
-      publicKey = "qxrtfn2zRVnN52Y5NYumyU3/FcRMnh3kJ2C37JfrczA=";
-      IP = "10.42.2.21";
-      endpoint = "82.66.112.151:33721";
-      lan_endpoint = "192.168.1.21:33721";
-    }
-    { 
-      hostname = "carcajou";
-      site_name = "neptune";
-      publicKey = "7Nm7pMmyS7Nts1MB+loyD8u84ODxHPTkDu+uqQR6yDk=";
-      IP = "10.42.2.22";
-      endpoint = "82.66.112.151:33722";
-      lan_endpoint = "192.168.1.22:33722";
-    }
-    { 
-      hostname = "caribou";
-      site_name = "neptune";
-      publicKey = "g6ZED/wPn5MPfytJKwPI19808CXtEad0IJUkEAAzwyY=";
-      IP = "10.42.2.23";
-      endpoint = "82.66.112.151:33723";
-      lan_endpoint = "192.168.1.23:33723";
-    }
+
+  # Bootstrap nodes for Wesher overlay network
+  services.wesher.join = [
+	"2a01:e0a:c:a720::21"  # cariacou
+	"2a01:e0a:c:a720::22"  # carcajou
+	"2a01:e0a:c:a720::23"  # caribou
   ];
-  deuxfleurs.admin_nodes = [
-    {
-      hostname = "hammerhead";
-      publicKey = "b5hF+GSTgg3oM6wnjL7jRbfyf1jtsWdVptPPbAh3Qic=";
-      IP = "10.42.0.1";
-      endpoint = "5.135.179.11:51349";
-    }
-    {
-      hostname = "robinson";
-      publicKey = "ETaZFil3mFXlJ0LaJZyWqJVLV2IZUF5PB/8M7WbQSTg=";
-      IP = "10.42.0.42";
-      endpoint = "77.141.67.109:33742";
-    }
-    {
-      hostname = "shiki";
-      publicKey = "QUiUNMk70TEQ75Ut7Uqikr5uGVSXmx8EGNkGM6tANlg=";
-      IP = "10.42.0.206";
-      endpoint = "37.187.118.206:51820";
-    }
-    {
-      hostname = "lindy";
-      publicKey = "wen9GnZy2iLT6RyHfn7ydS/wvdvow1XPmhZxIkrDbks=";
-      IP = "10.42.0.66";
-      endpoint = "82.66.112.151:33766";
-    }
+
+  # The IP range to use for the Wesher overlay of this cluster
+  deuxfleurs.wesher_cluster_prefix = "10.14.0.0";
+  deuxfleurs.wesher_cluster_prefix_length = 16;
+
+  # Bootstrap IPs for Consul cluster,
+  # these are IPs on the Wesher overlay
+  services.consul.extraConfig.retry_join = [
+    "10.14.181.82"  # caribou
+    "10.14.179.56"  # cariacou
+    "10.14.252.121" # carcajou
   ];
+
   deuxfleurs.admin_accounts = {
     lx = [
       # Keys for accessing nodes from outside
diff --git a/cluster/staging/node/carcajou.nix b/cluster/staging/node/carcajou.nix
index 304f358..dbcc5ec 100644
--- a/cluster/staging/node/carcajou.nix
+++ b/cluster/staging/node/carcajou.nix
@@ -17,16 +17,9 @@
 
   deuxfleurs.network_interface = "eno1";
   deuxfleurs.lan_ip = "192.168.1.22";
+  deuxfleurs.ipv6 = "2a01:e0a:c:a720::22";
 
-  networking.interfaces.eno1.ipv6.addresses = [
-    {
-      address = "2a01:e0a:c:a720::22";
-      prefixLength = 64;
-    }
-  ];
-
-  deuxfleurs.vpn_ip = "10.42.2.22";
-  deuxfleurs.vpn_listen_port = 33722;
+  deuxfleurs.cluster_ip = "10.14.252.121";
   deuxfleurs.is_raft_server = true;
 
   # Enable netdata monitoring
diff --git a/cluster/staging/node/cariacou.nix b/cluster/staging/node/cariacou.nix
index 5f57fbd..14d1842 100644
--- a/cluster/staging/node/cariacou.nix
+++ b/cluster/staging/node/cariacou.nix
@@ -17,16 +17,9 @@
 
   deuxfleurs.network_interface = "eno1";
   deuxfleurs.lan_ip = "192.168.1.21";
+  deuxfleurs.ipv6 = "2a01:e0a:c:a720::21";
 
-  networking.interfaces.eno1.ipv6.addresses = [
-    {
-      address = "2a01:e0a:c:a720::21";
-      prefixLength = 64;
-    }
-  ];
-
-  deuxfleurs.vpn_ip = "10.42.2.21";
-  deuxfleurs.vpn_listen_port = 33721;
+  deuxfleurs.cluster_ip = "10.14.179.56";
   deuxfleurs.is_raft_server = true;
 
   # Enable netdata monitoring
diff --git a/cluster/staging/node/caribou.nix b/cluster/staging/node/caribou.nix
index 7b785ef..3b41972 100644
--- a/cluster/staging/node/caribou.nix
+++ b/cluster/staging/node/caribou.nix
@@ -17,16 +17,9 @@
 
   deuxfleurs.network_interface = "eno1";
   deuxfleurs.lan_ip = "192.168.1.23";
+  deuxfleurs.ipv6 = "2a01:e0a:c:a720::23";
 
-  networking.interfaces.eno1.ipv6.addresses = [
-    {
-      address = "2a01:e0a:c:a720::23";
-      prefixLength = 64;
-    }
-  ];
-
-  deuxfleurs.vpn_ip = "10.42.2.23";
-  deuxfleurs.vpn_listen_port = 33723;
+  deuxfleurs.cluster_ip = "10.14.181.82";
   deuxfleurs.is_raft_server = true;
 
   # Enable netdata monitoring
diff --git a/cluster/staging/site/neptune.nix b/cluster/staging/site/neptune.nix
index 1b80144..38a4bab 100644
--- a/cluster/staging/site/neptune.nix
+++ b/cluster/staging/site/neptune.nix
@@ -4,6 +4,7 @@
   deuxfleurs.site_name = "neptune";
   deuxfleurs.lan_default_gateway = "192.168.1.254";
   deuxfleurs.lan_ip_prefix_length = 24;
+  deuxfleurs.ipv6_prefix_length = 64;
 
   networking.nameservers = [ "192.168.1.254" ];
author	Alex Auvolat <alex@adnab.me>	2022-04-20 18:04:57 +0200
committer	Alex Auvolat <alex@adnab.me>	2022-04-20 18:04:57 +0200
commit	10d370491e07223c54009feb9330a9c662fe3b79 (patch)
tree	733d85ba8fdee09eb6a6707e367276c0db8a80a6 /cluster
parent	04f2bd48bb3d9a33e36409b8eddbad05e21807c1 (diff)
download	nixcfg-10d370491e07223c54009feb9330a9c662fe3b79.tar.gz nixcfg-10d370491e07223c54009feb9330a9c662fe3b79.zip