màj config gitea

author: Alex Auvolat <alex@adnab.me> 2023-06-02 15:40:43 +0200
committer: Alex Auvolat <alex@adnab.me> 2023-06-02 15:40:43 +0200
commit: 14b59ba4b019799dc15d7a92faa8e89f1d7bf6f3 (patch)
tree: f63cef553bc6b4919e0ff23c84589a71f56d6d22 /cluster
parent: c31de0e94fed68cb25dbf15fc5a95008351b3e19 (diff)
download: nixcfg-14b59ba4b019799dc15d7a92faa8e89f1d7bf6f3.tar.gz
nixcfg-14b59ba4b019799dc15d7a92faa8e89f1d7bf6f3.zip
6 files changed, 75 insertions, 8 deletions
diff --git a/cluster/prod/app/core/deploy/bottin.hcl b/cluster/prod/app/core/deploy/bottin.hcl
index 40bb5af..a7d8694 100644
--- a/cluster/prod/app/core/deploy/bottin.hcl
+++ b/cluster/prod/app/core/deploy/bottin.hcl
@@ -1,4 +1,4 @@
-job "core:bottin" {
+job "core-bottin" {
   datacenters = ["orion", "neptune", "scorpio"]
   type = "system"
   priority = 90
diff --git a/cluster/prod/app/core/deploy/d53.hcl b/cluster/prod/app/core/deploy/d53.hcl
index 8baf781..81a88ff 100644
--- a/cluster/prod/app/core/deploy/d53.hcl
+++ b/cluster/prod/app/core/deploy/d53.hcl
@@ -1,4 +1,4 @@
-job "core:d53" {
+job "core-d53" {
   datacenters = ["neptune", "orion", "bespin"]
   type = "service"
   priority = 90
@@ -61,4 +61,42 @@ EOH
       }
     }
   }
+
+  # Dummy task for Gitea (still on an external VM), runs on any bespin node
+  # and allows D53 to automatically update the A record for git.deuxfleurs.fr
+  # to the IPv4 address of the bespin site (that changes occasionnaly)
+  group "gitea-dummy" {
+    count = 1
+
+    network {
+      port "dummy" {
+        to = 999
+      }
+    }
+
+    task "main" {
+      driver = "docker"
+
+      constraint {
+        attribute = "${meta.site}"
+        operator = "="
+        value = "bespin"
+      }
+
+      config {
+        image = "alpine"
+        command = "sh"
+        args = ["-c", "while true; do echo x; sleep 60; done"]
+        ports = [ "dummy" ]
+      }
+
+      service {
+        name = "gitea-dummy"
+        port = "dummy"
+        tags = [
+          "d53-a git.deuxfleurs.fr",
+        ]
+      }
+    }
+  }
 }
diff --git a/cluster/prod/app/core/deploy/diplonat.hcl b/cluster/prod/app/core/deploy/diplonat.hcl
index d6f8423..078e811 100644
--- a/cluster/prod/app/core/deploy/diplonat.hcl
+++ b/cluster/prod/app/core/deploy/diplonat.hcl
@@ -1,4 +1,4 @@
-job "core:diplonat" {
+job "core-diplonat" {
   datacenters = ["orion", "neptune", "scorpio", "bespin"]
   type = "system"
   priority = 90
@@ -53,9 +53,6 @@ DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501
 DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true
 DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
 DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
-{{ if env "meta.site" | eq "bespin" }}
-DIPLONAT_IPV6_ONLY=true
-{{ end }}
 RUST_LOG=debug
 EOH
         destination = "secrets/env"
diff --git a/cluster/prod/app/core/deploy/tricot.hcl b/cluster/prod/app/core/deploy/tricot.hcl
index 7c3bada..6640dec 100644
--- a/cluster/prod/app/core/deploy/tricot.hcl
+++ b/cluster/prod/app/core/deploy/tricot.hcl
@@ -1,5 +1,9 @@
-job "core:tricot" {
-  datacenters = ["orion", "neptune", "scorpio", "bespin"]
+job "core-tricot" {
+  # bespin pas pour l'instant, on a des soucis de SSL avec gitea
+  # on pourra mettre bespin quand on aura migré gitea de la vm vers le cluster
+  # en attendant, les deux  ne sont pas capables de partager les certificats SSL
+  # donc on laisse la VM gitea gérer les certifs et prendre tout le trafic http(s)
+  datacenters = ["orion", "neptune", "scorpio"]
   type = "system"
   priority = 90
 
diff --git a/cluster/prod/register_external_services.sh b/cluster/prod/register_external_services.sh
index 3b6a35e..7db4e7a 100755
--- a/cluster/prod/register_external_services.sh
+++ b/cluster/prod/register_external_services.sh
@@ -60,6 +60,24 @@ curl -vv  -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: app
 }
 EOF
 
+curl -vv  -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: application/json" --data @- <<EOF
+{
+  "Datacenter": "prod",
+  "Node": "lindy",
+  "Address": "192.168.1.184",
+  "NodeMeta": {
+    "site": "neptune",
+    "cname_target": "neptune.site.deuxfleurs.fr."
+  },
+  "Service": {
+    "Service": "lx-apimtest",
+    "Tags": ["tricot apimtest.adnab.me"],
+    "Address": "192.168.1.184",
+    "Port": 8920
+  }
+}
+EOF
+
 
 curl -vv  -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: application/json" --data @- <<EOF
 {
diff --git a/cluster/prod/site/bespin.nix b/cluster/prod/site/bespin.nix
index cdce53e..57812a1 100644
--- a/cluster/prod/site/bespin.nix
+++ b/cluster/prod/site/bespin.nix
@@ -4,4 +4,14 @@
   deuxfleurs.siteName = "bespin";
   deuxfleurs.staticIPv4.defaultGateway = "192.168.5.254";
   deuxfleurs.cnameTarget = "bespin.site.deuxfleurs.fr.";
+
+  # Allow all ports from gateway for janky UPnP/IGD daemon
+  # networking.firewall = {
+  #   extraCommands = ''
+  #     iptables -A INPUT -s ${cfg.staticIPv4.defaultGateway} -p udp -j ACCEPT
+  #   '';
+  #   extraStopCommands = ''
+  #     iptables -D INPUT -s ${cfg.staticIPv4.defaultGateway} -p udp -j ACCEPT
+  #   '';
+  # };
 }
author	Alex Auvolat <alex@adnab.me>	2023-06-02 15:40:43 +0200
committer	Alex Auvolat <alex@adnab.me>	2023-06-02 15:40:43 +0200
commit	14b59ba4b019799dc15d7a92faa8e89f1d7bf6f3 (patch)
tree	f63cef553bc6b4919e0ff23c84589a71f56d6d22 /cluster
parent	c31de0e94fed68cb25dbf15fc5a95008351b3e19 (diff)
download	nixcfg-14b59ba4b019799dc15d7a92faa8e89f1d7bf6f3.tar.gz nixcfg-14b59ba4b019799dc15d7a92faa8e89f1d7bf6f3.zip