diff options
Diffstat (limited to 'cluster/prod')
21 files changed, 383 insertions, 435 deletions
diff --git a/cluster/prod/app/core/deploy/bottin.hcl b/cluster/prod/app/core/deploy/bottin.hcl new file mode 100644 index 0000000..40bb5af --- /dev/null +++ b/cluster/prod/app/core/deploy/bottin.hcl @@ -0,0 +1,100 @@ +job "core:bottin" { + datacenters = ["orion", "neptune", "scorpio"] + type = "system" + priority = 90 + + update { + max_parallel = 1 + stagger = "1m" + } + + group "bottin" { + constraint { + distinct_property = "${meta.site}" + value = "1" + } + + network { + port "ldap_port" { + static = 389 + to = 389 + } + } + + task "bottin" { + driver = "docker" + config { + image = "dxflrs/bottin:7h18i30cckckaahv87d3c86pn4a7q41z" + network_mode = "host" + readonly_rootfs = true + ports = [ "ldap_port" ] + volumes = [ + "secrets/config.json:/config.json", + "secrets:/etc/bottin", + ] + } + + restart { + interval = "5m" + attempts = 10 + delay = "15s" + mode = "delay" + } + + resources { + memory = 100 + memory_max = 200 + } + + template { + data = file("../config/bottin/config.json.tpl") + destination = "secrets/config.json" + } + + template { + data = "{{ key \"secrets/consul/consul.crt\" }}" + destination = "secrets/consul.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.crt\" }}" + destination = "secrets/consul-client.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.key\" }}" + destination = "secrets/consul-client.key" + } + + template { + data = <<EOH +CONSUL_HTTP_ADDR=https://consul.service.prod.consul:8501 +CONSUL_HTTP_SSL=true +CONSUL_CACERT=/etc/bottin/consul.crt +CONSUL_CLIENT_CERT=/etc/bottin/consul-client.crt +CONSUL_CLIENT_KEY=/etc/bottin/consul-client.key +EOH + destination = "secrets/env" + env = true + } + + service { + tags = [ "${meta.site}" ] + port = "ldap_port" + address_mode = "host" + name = "bottin" + check { + type = "tcp" + port = "ldap_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + } +} diff --git a/cluster/prod/app/core/deploy/core-system.hcl b/cluster/prod/app/core/deploy/core-system.hcl deleted file mode 100644 index 004a2ef..0000000 --- a/cluster/prod/app/core/deploy/core-system.hcl +++ /dev/null @@ -1,257 +0,0 @@ -job "core" { - datacenters = ["orion", "neptune", "scorpio"] - type = "system" - priority = 90 - - update { - max_parallel = 1 - stagger = "5m" - } - - group "diplonat" { - task "diplonat" { - driver = "docker" - - config { - image = "lxpz/amd64_diplonat:5" - network_mode = "host" - readonly_rootfs = true - privileged = true - volumes = [ - "secrets:/etc/diplonat", - ] - } - - restart { - interval = "5m" - attempts = 10 - delay = "15s" - mode = "delay" - } - - template { - data = "{{ key \"secrets/consul/consul.crt\" }}" - destination = "secrets/consul.crt" - } - - template { - data = "{{ key \"secrets/consul/consul-client.crt\" }}" - destination = "secrets/consul-client.crt" - } - - template { - data = "{{ key \"secrets/consul/consul-client.key\" }}" - destination = "secrets/consul-client.key" - } - - template { - data = <<EOH -DIPLONAT_REFRESH_TIME=60 -DIPLONAT_EXPIRATION_TIME=300 -DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }} -DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501 -DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true -DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt -DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key -RUST_LOG=debug -EOH - destination = "secrets/env" - env = true - } - - resources { - memory = 100 - memory_max = 200 - } - } - } - - group "tricot" { - constraint { - distinct_property = "${meta.site}" - value = "1" - } - - network { - port "http_port" { static = 80 } - port "https_port" { static = 443 } - port "metrics_port" { static = 9334 } - } - - task "server" { - driver = "docker" - - config { - image = "lxpz/amd64_tricot:47" - network_mode = "host" - readonly_rootfs = true - ports = [ "http_port", "https_port" ] - volumes = [ - "secrets:/etc/tricot", - ] - } - - resources { - cpu = 1000 - memory = 200 - memory_max = 500 - } - - restart { - interval = "5m" - attempts = 10 - delay = "15s" - mode = "delay" - } - - template { - data = "{{ key \"secrets/consul/consul-ca.crt\" }}" - destination = "secrets/consul-ca.crt" - } - - template { - data = "{{ key \"secrets/consul/consul-client.crt\" }}" - destination = "secrets/consul-client.crt" - } - - template { - data = "{{ key \"secrets/consul/consul-client.key\" }}" - destination = "secrets/consul-client.key" - } - - template { - data = <<EOH -TRICOT_NODE_NAME={{ env "attr.unique.hostname" }} -TRICOT_LETSENCRYPT_EMAIL=prod-sysadmin@deuxfleurs.fr -TRICOT_ENABLE_COMPRESSION=true -TRICOT_CONSUL_HOST=https://consul.service.prod.consul:8501 -TRICOT_CONSUL_TLS_SKIP_VERIFY=true -TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt -TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key -TRICOT_HTTP_BIND_ADDR=[::]:80 -TRICOT_HTTPS_BIND_ADDR=[::]:443 -TRICOT_METRICS_BIND_ADDR=[::]:9334 -RUST_LOG=tricot=debug -EOH - destination = "secrets/env" - env = true - } - - service { - name = "tricot-http" - port = "http_port" - tags = [ "(diplonat (tcp_port 80))", "${meta.site}" ] - address_mode = "host" - } - - service { - name = "tricot-https" - port = "https_port" - tags = [ - "(diplonat (tcp_port 443))", - "${meta.site}", - "d53-aaaa ${meta.site}.site.deuxfleurs.fr", - "d53-a global.site.deuxfleurs.fr", - "d53-aaaa global.site.deuxfleurs.fr", - ] - address_mode = "host" - } - - service { - name = "tricot-metrics" - port = "metrics_port" - address_mode = "host" - } - } - } - - group "bottin" { - constraint { - distinct_property = "${meta.site}" - value = "1" - } - - network { - port "ldap_port" { - static = 389 - to = 389 - } - } - - task "bottin" { - driver = "docker" - config { - image = "dxflrs/bottin:7h18i30cckckaahv87d3c86pn4a7q41z" - network_mode = "host" - readonly_rootfs = true - ports = [ "ldap_port" ] - volumes = [ - "secrets/config.json:/config.json", - "secrets:/etc/bottin", - ] - } - - restart { - interval = "5m" - attempts = 10 - delay = "15s" - mode = "delay" - } - - resources { - memory = 100 - memory_max = 200 - } - - template { - data = file("../config/bottin/config.json.tpl") - destination = "secrets/config.json" - } - - template { - data = "{{ key \"secrets/consul/consul.crt\" }}" - destination = "secrets/consul.crt" - } - - template { - data = "{{ key \"secrets/consul/consul-client.crt\" }}" - destination = "secrets/consul-client.crt" - } - - template { - data = "{{ key \"secrets/consul/consul-client.key\" }}" - destination = "secrets/consul-client.key" - } - - template { - data = <<EOH -CONSUL_HTTP_ADDR=https://consul.service.prod.consul:8501 -CONSUL_HTTP_SSL=true -CONSUL_CACERT=/etc/bottin/consul.crt -CONSUL_CLIENT_CERT=/etc/bottin/consul-client.crt -CONSUL_CLIENT_KEY=/etc/bottin/consul-client.key -EOH - destination = "secrets/env" - env = true - } - - service { - tags = [ "${meta.site}" ] - port = "ldap_port" - address_mode = "host" - name = "bottin" - check { - type = "tcp" - port = "ldap_port" - interval = "60s" - timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } - } - } - } - } -} diff --git a/cluster/prod/app/core/deploy/core-service.hcl b/cluster/prod/app/core/deploy/d53.hcl index c2fe3c9..58cda1e 100644 --- a/cluster/prod/app/core/deploy/core-service.hcl +++ b/cluster/prod/app/core/deploy/d53.hcl @@ -1,4 +1,4 @@ -job "core-service" { +job "core:d53" { datacenters = ["neptune", "orion", "bespin"] type = "service" priority = 90 diff --git a/cluster/prod/app/core/deploy/diplonat.hcl b/cluster/prod/app/core/deploy/diplonat.hcl new file mode 100644 index 0000000..d6f8423 --- /dev/null +++ b/cluster/prod/app/core/deploy/diplonat.hcl @@ -0,0 +1,71 @@ +job "core:diplonat" { + datacenters = ["orion", "neptune", "scorpio", "bespin"] + type = "system" + priority = 90 + + update { + max_parallel = 2 + stagger = "1m" + } + + group "diplonat" { + task "diplonat" { + driver = "docker" + + config { + image = "lxpz/amd64_diplonat:6" + network_mode = "host" + readonly_rootfs = true + privileged = true + volumes = [ + "secrets:/etc/diplonat", + ] + } + + restart { + interval = "5m" + attempts = 10 + delay = "15s" + mode = "delay" + } + + template { + data = "{{ key \"secrets/consul/consul.crt\" }}" + destination = "secrets/consul.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.crt\" }}" + destination = "secrets/consul-client.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.key\" }}" + destination = "secrets/consul-client.key" + } + + template { + data = <<EOH +DIPLONAT_REFRESH_TIME=60 +DIPLONAT_EXPIRATION_TIME=300 +DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }} +DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501 +DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true +DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt +DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key +{{ if env "meta.site" | eq "bespin" }} +DIPLONAT_IPV6_ONLY=true +{{ end }} +RUST_LOG=debug +EOH + destination = "secrets/env" + env = true + } + + resources { + memory = 100 + memory_max = 200 + } + } + } +} diff --git a/cluster/prod/app/core/deploy/tricot.hcl b/cluster/prod/app/core/deploy/tricot.hcl new file mode 100644 index 0000000..7c955d2 --- /dev/null +++ b/cluster/prod/app/core/deploy/tricot.hcl @@ -0,0 +1,109 @@ +job "core:tricot" { + datacenters = ["orion", "neptune", "scorpio"] + type = "system" + priority = 90 + + update { + max_parallel = 1 + stagger = "5m" + } + + group "tricot" { + constraint { + distinct_property = "${meta.site}" + value = "1" + } + + network { + port "http_port" { static = 80 } + port "https_port" { static = 443 } + port "metrics_port" { static = 9334 } + } + + task "server" { + driver = "docker" + + config { + image = "lxpz/amd64_tricot:47" + network_mode = "host" + readonly_rootfs = true + ports = [ "http_port", "https_port" ] + volumes = [ + "secrets:/etc/tricot", + ] + } + + resources { + cpu = 1000 + memory = 200 + memory_max = 500 + } + + restart { + interval = "5m" + attempts = 10 + delay = "15s" + mode = "delay" + } + + template { + data = "{{ key \"secrets/consul/consul-ca.crt\" }}" + destination = "secrets/consul-ca.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.crt\" }}" + destination = "secrets/consul-client.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.key\" }}" + destination = "secrets/consul-client.key" + } + + template { + data = <<EOH +TRICOT_NODE_NAME={{ env "attr.unique.hostname" }} +TRICOT_LETSENCRYPT_EMAIL=prod-sysadmin@deuxfleurs.fr +TRICOT_ENABLE_COMPRESSION=true +TRICOT_CONSUL_HOST=https://consul.service.prod.consul:8501 +TRICOT_CONSUL_TLS_SKIP_VERIFY=true +TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt +TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key +TRICOT_HTTP_BIND_ADDR=[::]:80 +TRICOT_HTTPS_BIND_ADDR=[::]:443 +TRICOT_METRICS_BIND_ADDR=[::]:9334 +RUST_LOG=tricot=debug +EOH + destination = "secrets/env" + env = true + } + + service { + name = "tricot-http" + port = "http_port" + tags = [ "(diplonat (tcp_port 80))", "${meta.site}" ] + address_mode = "host" + } + + service { + name = "tricot-https" + port = "https_port" + tags = [ + "(diplonat (tcp_port 443))", + "${meta.site}", + "d53-aaaa ${meta.site}.site.deuxfleurs.fr", + "d53-a global.site.deuxfleurs.fr", + "d53-aaaa global.site.deuxfleurs.fr", + ] + address_mode = "host" + } + + service { + name = "tricot-metrics" + port = "metrics_port" + address_mode = "host" + } + } + } +} diff --git a/cluster/prod/app/garage/config/garage.toml b/cluster/prod/app/garage/config/garage.toml index 36daa5d..5b10707 100644 --- a/cluster/prod/app/garage/config/garage.toml +++ b/cluster/prod/app/garage/config/garage.toml @@ -6,8 +6,10 @@ db_engine = "lmdb" replication_mode = "3" -rpc_bind_addr = "[{{ env "meta.public_ipv6" }}]:3901" -rpc_public_addr = "[{{ env "meta.public_ipv6" }}]:3901" +{{ with $a := env "attr.unique.hostname" | printf "diplonat/autodiscovery/ipv6/%s" | key | parseJSON }} +rpc_bind_addr = "[{{ $a.address }}]:3901" +rpc_public_addr = "[{{ $a.address }}]:3901" +{{ end }} rpc_secret = "{{ key "secrets/garage/rpc_secret" | trimSpace }}" [consul_discovery] diff --git a/cluster/prod/cluster.nix b/cluster/prod/cluster.nix index 44c376e..ea3bdec 100644 --- a/cluster/prod/cluster.nix +++ b/cluster/prod/cluster.nix @@ -1,84 +1,73 @@ { config, pkgs, ... } @ args: { - deuxfleurs.cluster_name = "prod"; + deuxfleurs.clusterName = "prod"; # The IP range to use for the Wireguard overlay of this cluster - deuxfleurs.cluster_prefix = "10.83.0.0"; - deuxfleurs.cluster_prefix_length = 16; + deuxfleurs.clusterPrefix = "10.83.0.0/16"; - deuxfleurs.cluster_nodes = [ - { - hostname = "concombre"; - site_name = "neptune"; + deuxfleurs.clusterNodes = { + "concombre" = { + siteName = "neptune"; publicKey = "VvXT0fPDfWsHxumZqVShpS33dJQAdpJ1E79ZbCBJP34="; - IP = "10.83.1.1"; + address = "10.83.1.1"; endpoint = "77.207.15.215:33731"; - } - { - hostname = "courgette"; - site_name = "neptune"; + }; + "courgette" = { + siteName = "neptune"; publicKey = "goTkBJGmzrGDOAjUcdH9G0JekipqSMoaYQdB6IHnzi0="; - IP = "10.83.1.2"; + address = "10.83.1.2"; endpoint = "77.207.15.215:33732"; - } - { - hostname = "celeri"; - site_name = "neptune"; + }; + "celeri" = { + siteName = "neptune"; publicKey = "oZDAb8LoLW87ktUHyFFec0VaIar97bqq47mGbdVqJ0U="; - IP = "10.83.1.3"; + address = "10.83.1.3"; endpoint = "77.207.15.215:33733"; - } - { - hostname = "dahlia"; - site_name = "orion"; + }; + "dahlia" = { + siteName = "orion"; publicKey = "EtRoWBYCdjqgXX0L+uWLg8KxNfIK8k9OTh30tL19bXU="; - IP = "10.83.2.1"; + address = "10.83.2.1"; endpoint = "82.66.80.201:33731"; - } - { - hostname = "diplotaxis"; - site_name = "orion"; + }; + "diplotaxis" = { + siteName = "orion"; publicKey = "HbLC938mysadMSOxWgq8+qrv+dBKzPP/43OMJp/3phA="; - IP = "10.83.2.2"; + address = "10.83.2.2"; endpoint = "82.66.80.201:33732"; - } - { - hostname = "doradille"; - site_name = "orion"; + }; + "doradille" = { + siteName = "orion"; publicKey = "e1C8jgTj9eD20ywG08G1FQZ+Js3wMK/msDUE1wO3l1Y="; - IP = "10.83.2.3"; + address = "10.83.2.3"; endpoint = "82.66.80.201:33733"; - } - { - hostname = "df-ykl"; - site_name = "bespin"; + }; + "df-ykl" = { + siteName = "bespin"; publicKey = "bIjxey/VhBgVrLa0FxN/KISOt2XFmQeSh1MPivUq9gg="; - IP = "10.83.3.1"; + address = "10.83.3.1"; endpoint = "109.136.55.235:33731"; - } - { - hostname = "df-ymf"; - site_name = "bespin"; + }; + "df-ymf" = { + siteName = "bespin"; publicKey = "pUIKv8UBl586O7DBrHBsb9BgNU7WlYQ2r2RSNkD+JAQ="; - IP = "10.83.3.2"; + address = "10.83.3.2"; endpoint = "109.136.55.235:33732"; - } - { - hostname = "df-ymk"; - site_name = "bespin"; + }; + "df-ymk" = { + siteName = "bespin"; publicKey = "VBmpo15iIJP7250NAsF+ryhZc3j+8TZFnE1Djvn5TXI="; - IP = "10.83.3.3"; + address = "10.83.3.3"; endpoint = "109.136.55.235:33733"; - } - { - hostname = "abricot"; - site_name = "scorpio"; + }; + "abricot" = { + siteName = "scorpio"; publicKey = "Sm9cmNZ/BfWVPFflMO+fuyiera4r203b/dKhHTQmBFg="; - IP = "10.83.4.1"; + address = "10.83.4.1"; endpoint = "82.65.41.110:33741"; - } - ]; + }; + }; # Bootstrap IPs for Consul cluster, # these are IPs on the Wireguard overlay @@ -88,7 +77,7 @@ "10.83.3.1" # df-ykl ]; - deuxfleurs.admin_accounts = { + deuxfleurs.adminAccounts = { lx = [ # Keys for accessing nodes from outside "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy" diff --git a/cluster/prod/node/abricot.nix b/cluster/prod/node/abricot.nix index b092fb2..69cc38d 100644 --- a/cluster/prod/node/abricot.nix +++ b/cluster/prod/node/abricot.nix @@ -8,12 +8,7 @@ boot.loader.timeout = 20; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "abricot"; - - deuxfleurs.network_interface = "eno1"; - deuxfleurs.lan_ip = "192.168.1.41"; - deuxfleurs.ipv6 = "2a01:e0a:e4:2dd0::41"; - - deuxfleurs.cluster_ip = "10.83.4.1"; - deuxfleurs.is_raft_server = false; + deuxfleurs.hostName = "abricot"; + deuxfleurs.staticIPv4.address = "192.168.1.41"; + deuxfleurs.staticIPv6.address = "2a01:e0a:e4:2dd0::41"; } diff --git a/cluster/prod/node/celeri.nix b/cluster/prod/node/celeri.nix index fdb88b9..45087f3 100644 --- a/cluster/prod/node/celeri.nix +++ b/cluster/prod/node/celeri.nix @@ -8,12 +8,7 @@ boot.loader.timeout = 20; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "celeri"; - - deuxfleurs.network_interface = "enp0s31f6"; - deuxfleurs.lan_ip = "192.168.1.33"; - deuxfleurs.ipv6 = "2001:910:1204:1::33"; - - deuxfleurs.cluster_ip = "10.83.1.3"; - deuxfleurs.is_raft_server = false; + deuxfleurs.hostName = "celeri"; + deuxfleurs.staticIPv4.address = "192.168.1.33"; + deuxfleurs.staticIPv6.address = "2001:910:1204:1::33"; } diff --git a/cluster/prod/node/concombre.nix b/cluster/prod/node/concombre.nix index eefc9e7..9a9e456 100644 --- a/cluster/prod/node/concombre.nix +++ b/cluster/prod/node/concombre.nix @@ -8,12 +8,8 @@ boot.loader.timeout = 20; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "concombre"; - - deuxfleurs.network_interface = "enp0s31f6"; - deuxfleurs.lan_ip = "192.168.1.31"; - deuxfleurs.ipv6 = "2001:910:1204:1::31"; - - deuxfleurs.cluster_ip = "10.83.1.1"; - deuxfleurs.is_raft_server = true; + deuxfleurs.hostName = "concombre"; + deuxfleurs.staticIPv4.address = "192.168.1.31"; + deuxfleurs.staticIPv6.address = "2001:910:1204:1::31"; + deuxfleurs.isRaftServer = true; } diff --git a/cluster/prod/node/courgette.nix b/cluster/prod/node/courgette.nix index c2bf0d8..081c297 100644 --- a/cluster/prod/node/courgette.nix +++ b/cluster/prod/node/courgette.nix @@ -8,12 +8,7 @@ boot.loader.timeout = 20; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "courgette"; - - deuxfleurs.network_interface = "enp0s31f6"; - deuxfleurs.lan_ip = "192.168.1.32"; - deuxfleurs.ipv6 = "2001:910:1204:1::32"; - - deuxfleurs.cluster_ip = "10.83.1.2"; - deuxfleurs.is_raft_server = false; + deuxfleurs.hostName = "courgette"; + deuxfleurs.staticIPv4.address = "192.168.1.32"; + deuxfleurs.staticIPv6.address = "2001:910:1204:1::32"; } diff --git a/cluster/prod/node/dahlia.nix b/cluster/prod/node/dahlia.nix index fc51ea8..ee9e7aa 100644 --- a/cluster/prod/node/dahlia.nix +++ b/cluster/prod/node/dahlia.nix @@ -7,12 +7,8 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "dahlia"; - - deuxfleurs.network_interface = "enp0s31f6"; - deuxfleurs.lan_ip = "192.168.1.11"; - deuxfleurs.ipv6 = "2a01:e0a:28f:5e60::11"; - - deuxfleurs.cluster_ip = "10.83.2.1"; - deuxfleurs.is_raft_server = true; + deuxfleurs.hostName = "dahlia"; + deuxfleurs.staticIPv4.address = "192.168.1.11"; + deuxfleurs.staticIPv6.address = "2a01:e0a:28f:5e60::11"; + deuxfleurs.isRaftServer = true; } diff --git a/cluster/prod/node/df-ykl.nix b/cluster/prod/node/df-ykl.nix index 04a2b35..843d322 100644 --- a/cluster/prod/node/df-ykl.nix +++ b/cluster/prod/node/df-ykl.nix @@ -7,14 +7,10 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "df-ykl"; - - deuxfleurs.network_interface = "enp0s31f6"; - deuxfleurs.lan_ip = "192.168.5.117"; - deuxfleurs.ipv6 = "2a02:a03f:6510:5102:6e4b:90ff:fe3b:e86c"; - - deuxfleurs.cluster_ip = "10.83.3.1"; - deuxfleurs.is_raft_server = true; + deuxfleurs.hostName = "df-ykl"; + deuxfleurs.staticIPv4.address = "192.168.5.117"; + deuxfleurs.staticIPv6.address = "2a02:a03f:6510:5102:6e4b:90ff:fe3b:e86c"; + deuxfleurs.isRaftServer = true; fileSystems."/mnt" = { device = "/dev/disk/by-uuid/f7aa396f-23d0-44d3-89cf-3cb00bbb6c3b"; diff --git a/cluster/prod/node/df-ymf.nix b/cluster/prod/node/df-ymf.nix index 15c5b1e..df2ebb3 100644 --- a/cluster/prod/node/df-ymf.nix +++ b/cluster/prod/node/df-ymf.nix @@ -7,14 +7,9 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "df-ymf"; - - deuxfleurs.network_interface = "enp0s31f6"; - deuxfleurs.lan_ip = "192.168.5.134"; - deuxfleurs.ipv6 = "2a02:a03f:6510:5102:6e4b:90ff:fe3a:6174"; - - deuxfleurs.cluster_ip = "10.83.3.2"; - deuxfleurs.is_raft_server = false; + deuxfleurs.hostName = "df-ymf"; + deuxfleurs.staticIPv4.address = "192.168.5.134"; + deuxfleurs.staticIPv6.address = "2a02:a03f:6510:5102:6e4b:90ff:fe3a:6174"; fileSystems."/mnt" = { device = "/dev/disk/by-uuid/fec20a7e-5019-4747-8f73-77f3f196c122"; diff --git a/cluster/prod/node/df-ymk.nix b/cluster/prod/node/df-ymk.nix index d7deb49..f98b576 100644 --- a/cluster/prod/node/df-ymk.nix +++ b/cluster/prod/node/df-ymk.nix @@ -7,14 +7,9 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "df-ymk"; - - deuxfleurs.network_interface = "enp0s31f6"; - deuxfleurs.lan_ip = "192.168.5.116"; - deuxfleurs.ipv6 = "2a02:a03f:6510:5102:6e4b:90ff:fe3b:e939"; - - deuxfleurs.cluster_ip = "10.83.3.3"; - deuxfleurs.is_raft_server = false; + deuxfleurs.hostName = "df-ymk"; + deuxfleurs.staticIPv4.address = "192.168.5.116"; + deuxfleurs.staticIPv6.address = "2a02:a03f:6510:5102:6e4b:90ff:fe3b:e939"; fileSystems."/mnt" = { device = "/dev/disk/by-uuid/51d95b17-0e06-4a73-9e4e-ae5363cc4015"; diff --git a/cluster/prod/node/diplotaxis.nix b/cluster/prod/node/diplotaxis.nix index c1ce4f9..f9c7faf 100644 --- a/cluster/prod/node/diplotaxis.nix +++ b/cluster/prod/node/diplotaxis.nix @@ -8,12 +8,7 @@ boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/nvme0n1"; # or "nodev" for efi only - networking.hostName = "diplotaxis"; - - deuxfleurs.network_interface = "enp0s31f6"; - deuxfleurs.lan_ip = "192.168.1.12"; - deuxfleurs.ipv6 = "2a01:e0a:28f:5e60::12"; - - deuxfleurs.cluster_ip = "10.83.2.2"; - deuxfleurs.is_raft_server = false; + deuxfleurs.hostName = "diplotaxis"; + deuxfleurs.staticIPv4.address = "192.168.1.12"; + deuxfleurs.staticIPv6.address = "2a01:e0a:28f:5e60::12"; } diff --git a/cluster/prod/node/doradille.nix b/cluster/prod/node/doradille.nix index f1c6e57..a4dc691 100644 --- a/cluster/prod/node/doradille.nix +++ b/cluster/prod/node/doradille.nix @@ -8,12 +8,7 @@ boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/nvme0n1"; # or "nodev" for efi only - networking.hostName = "doradille"; - - deuxfleurs.network_interface = "enp0s31f6"; - deuxfleurs.lan_ip = "192.168.1.13"; - deuxfleurs.ipv6 = "2a01:e0a:28f:5e60::13"; - - deuxfleurs.cluster_ip = "10.83.2.3"; - deuxfleurs.is_raft_server = false; + deuxfleurs.hostName = "doradille"; + deuxfleurs.staticIPv4.address = "192.168.1.13"; + deuxfleurs.staticIPv6.address = "2a01:e0a:28f:5e60::13"; } diff --git a/cluster/prod/site/bespin.nix b/cluster/prod/site/bespin.nix index de39f85..cdce53e 100644 --- a/cluster/prod/site/bespin.nix +++ b/cluster/prod/site/bespin.nix @@ -1,13 +1,7 @@ { config, pkgs, ... }: { - deuxfleurs.site_name = "bespin"; - deuxfleurs.lan_default_gateway = "192.168.5.254"; - deuxfleurs.ipv6_default_gateway = "2a02:a03f:6510:5102::1"; - deuxfleurs.lan_ip_prefix_length = 24; - deuxfleurs.ipv6_prefix_length = 64; - deuxfleurs.nameservers = [ "192.168.5.254" ]; - deuxfleurs.cname_target = "bespin.site.deuxfleurs.fr."; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; + deuxfleurs.siteName = "bespin"; + deuxfleurs.staticIPv4.defaultGateway = "192.168.5.254"; + deuxfleurs.cnameTarget = "bespin.site.deuxfleurs.fr."; } diff --git a/cluster/prod/site/neptune.nix b/cluster/prod/site/neptune.nix index a4aac6d..ab24f4a 100644 --- a/cluster/prod/site/neptune.nix +++ b/cluster/prod/site/neptune.nix @@ -1,14 +1,8 @@ { config, pkgs, ... }: { - deuxfleurs.site_name = "neptune"; - deuxfleurs.lan_default_gateway = "192.168.1.1"; - deuxfleurs.ipv6_default_gateway = "2001:910:1204:1::1"; - deuxfleurs.lan_ip_prefix_length = 24; - deuxfleurs.ipv6_prefix_length = 64; - deuxfleurs.nameservers = [ "192.168.1.1" ]; - deuxfleurs.cname_target = "neptune.site.deuxfleurs.fr."; - deuxfleurs.public_ipv4 = "77.207.15.215"; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; + deuxfleurs.siteName = "neptune"; + deuxfleurs.staticIPv4.defaultGateway = "192.168.1.1"; + deuxfleurs.cnameTarget = "neptune.site.deuxfleurs.fr."; + deuxfleurs.publicIPv4 = "77.207.15.215"; } diff --git a/cluster/prod/site/orion.nix b/cluster/prod/site/orion.nix index fb4ba22..58c49ab 100644 --- a/cluster/prod/site/orion.nix +++ b/cluster/prod/site/orion.nix @@ -1,14 +1,13 @@ { config, pkgs, ... }: { - deuxfleurs.site_name = "orion"; - deuxfleurs.lan_default_gateway = "192.168.1.254"; - deuxfleurs.ipv6_default_gateway = "2a01:e0a:28f:5e60::1"; - deuxfleurs.lan_ip_prefix_length = 24; - deuxfleurs.ipv6_prefix_length = 64; - deuxfleurs.nameservers = [ "192.168.1.254" ]; - deuxfleurs.cname_target = "orion.site.deuxfleurs.fr."; - deuxfleurs.public_ipv4 = "82.66.80.201"; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; + deuxfleurs.siteName = "orion"; + deuxfleurs.staticIPv4.defaultGateway = "192.168.1.254"; + # Setting an IPv6 default gateway will disable RA for now. + # Adding this for now as Orion has the mail servers and we are + # not yet confident we can disable this without getting ourselves + # banned by sending from unwanted IPs (although it should be ok). + deuxfleurs.staticIPv6.defaultGateway = "2a01:e0a:28f:5e60::1"; + deuxfleurs.cnameTarget = "orion.site.deuxfleurs.fr."; + deuxfleurs.publicIPv4 = "82.66.80.201"; } diff --git a/cluster/prod/site/scorpio.nix b/cluster/prod/site/scorpio.nix index b58e25c..e36dc1d 100644 --- a/cluster/prod/site/scorpio.nix +++ b/cluster/prod/site/scorpio.nix @@ -1,14 +1,8 @@ { config, pkgs, ... }: { - deuxfleurs.site_name = "scorpio"; - deuxfleurs.lan_default_gateway = "192.168.1.254"; - deuxfleurs.ipv6_default_gateway = "2a01:e0a:e4:2dd0::1"; - deuxfleurs.lan_ip_prefix_length = 24; - deuxfleurs.ipv6_prefix_length = 64; - deuxfleurs.nameservers = [ "192.168.1.254" ]; - deuxfleurs.cname_target = "scorpio.site.deuxfleurs.fr."; - deuxfleurs.public_ipv4 = "82.65.41.110"; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; + deuxfleurs.siteName = "scorpio"; + deuxfleurs.staticIPv4.defaultGateway = "192.168.1.254"; + deuxfleurs.cnameTarget = "scorpio.site.deuxfleurs.fr."; + deuxfleurs.publicIPv4 = "82.65.41.110"; } |