From 10d370491e07223c54009feb9330a9c662fe3b79 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Wed, 20 Apr 2022 18:04:57 +0200 Subject: Replace ad-hoc wireguard by wesher on staging cluster --- cluster/staging/cluster.nix | 75 ++++++++++----------------------------- cluster/staging/node/carcajou.nix | 11 ++---- cluster/staging/node/cariacou.nix | 11 ++---- cluster/staging/node/caribou.nix | 11 ++---- cluster/staging/site/neptune.nix | 1 + 5 files changed, 25 insertions(+), 84 deletions(-) (limited to 'cluster/staging') diff --git a/cluster/staging/cluster.nix b/cluster/staging/cluster.nix index 79fb3fb..5007815 100644 --- a/cluster/staging/cluster.nix +++ b/cluster/staging/cluster.nix 
@@ -2,65 +2,26 @@
 {
 deuxfleurs.cluster_name = "staging";
- deuxfleurs.cluster_nodes = [
- {
- hostname = "spoutnik";
- site_name = "pluton";
- publicKey = "fO8qZOZmnug84cA8nvfjl5MUqyWljP0BAz/4tHRZyEg=";
- IP = "10.42.2.2";
- endpoint = "77.141.67.109:42136";
- }
- {
- hostname = "cariacou";
- site_name = "neptune";
- publicKey = "qxrtfn2zRVnN52Y5NYumyU3/FcRMnh3kJ2C37JfrczA=";
- IP = "10.42.2.21";
- endpoint = "82.66.112.151:33721";
- lan_endpoint = "192.168.1.21:33721";
- }
- {
- hostname = "carcajou";
- site_name = "neptune";
- publicKey = "7Nm7pMmyS7Nts1MB+loyD8u84ODxHPTkDu+uqQR6yDk=";
- IP = "10.42.2.22";
- endpoint = "82.66.112.151:33722";
- lan_endpoint = "192.168.1.22:33722";
- }
- {
- hostname = "caribou";
- site_name = "neptune";
- publicKey = "g6ZED/wPn5MPfytJKwPI19808CXtEad0IJUkEAAzwyY=";
- IP = "10.42.2.23";
- endpoint = "82.66.112.151:33723";
- lan_endpoint = "192.168.1.23:33723";
- }
+
+ # Bootstrap nodes for Wesher overlay network
+ services.wesher.join = [
+ "2a01:e0a:c:a720::21" # cariacou
+ "2a01:e0a:c:a720::22" # carcajou
+ "2a01:e0a:c:a720::23" # caribou
 ];
- deuxfleurs.admin_nodes = [
- {
- hostname = "hammerhead";
- publicKey = "b5hF+GSTgg3oM6wnjL7jRbfyf1jtsWdVptPPbAh3Qic=";
- IP = "10.42.0.1";
- endpoint = "5.135.179.11:51349";
- }
- {
- hostname = "robinson";
- publicKey = "ETaZFil3mFXlJ0LaJZyWqJVLV2IZUF5PB/8M7WbQSTg=";
- IP = "10.42.0.42";
- endpoint = "77.141.67.109:33742";
- }
- {
- hostname = "shiki";
- publicKey = "QUiUNMk70TEQ75Ut7Uqikr5uGVSXmx8EGNkGM6tANlg=";
- IP = "10.42.0.206";
- endpoint = "37.187.118.206:51820";
- }
- {
- hostname = "lindy";
- publicKey = "wen9GnZy2iLT6RyHfn7ydS/wvdvow1XPmhZxIkrDbks=";
- IP = "10.42.0.66";
- endpoint = "82.66.112.151:33766";
- }
+
+ # The IP range to use for the Wesher overlay of this cluster
+ deuxfleurs.wesher_cluster_prefix = "10.14.0.0";
+ deuxfleurs.wesher_cluster_prefix_length = 16;
+
+ # Bootstrap IPs for Consul cluster,
+ # these are IPs on the Wesher overlay
+ services.consul.extraConfig.retry_join = [
+ "10.14.181.82" # caribou
+ "10.14.179.56" # cariacou
+ "10.14.252.121" # carcajou
 ];
+
 deuxfleurs.admin_accounts = {
 lx = [
 # Keys for accessing nodes from outside
diff --git a/cluster/staging/node/carcajou.nix b/cluster/staging/node/carcajou.nix
index 304f358..dbcc5ec 100644
--- a/cluster/staging/node/carcajou.nix
+++ b/cluster/staging/node/carcajou.nix
@@ -17,16 +17,9 @@
 deuxfleurs.network_interface = "eno1";
 deuxfleurs.lan_ip = "192.168.1.22";
+ deuxfleurs.ipv6 = "2a01:e0a:c:a720::22";
- networking.interfaces.eno1.ipv6.addresses = [
- {
- address = "2a01:e0a:c:a720::22";
- prefixLength = 64;
- }
- ];
-
- deuxfleurs.vpn_ip = "10.42.2.22";
- deuxfleurs.vpn_listen_port = 33722;
+ deuxfleurs.cluster_ip = "10.14.252.121";
 deuxfleurs.is_raft_server = true;
 # Enable netdata monitoring
diff --git a/cluster/staging/node/cariacou.nix b/cluster/staging/node/cariacou.nix
index 5f57fbd..14d1842 100644
--- a/cluster/staging/node/cariacou.nix
+++ b/cluster/staging/node/cariacou.nix
@@ -17,16 +17,9 @@
 deuxfleurs.network_interface = "eno1";
 deuxfleurs.lan_ip = "192.168.1.21";
+ deuxfleurs.ipv6 = "2a01:e0a:c:a720::21";
- networking.interfaces.eno1.ipv6.addresses = [
- {
- address = "2a01:e0a:c:a720::21";
- prefixLength = 64;
- }
- ];
-
- deuxfleurs.vpn_ip = "10.42.2.21";
- deuxfleurs.vpn_listen_port = 33721;
+ deuxfleurs.cluster_ip = "10.14.179.56";
 deuxfleurs.is_raft_server = true;
 # Enable netdata monitoring
diff --git a/cluster/staging/node/caribou.nix b/cluster/staging/node/caribou.nix
index 7b785ef..3b41972 100644
--- a/cluster/staging/node/caribou.nix
+++ b/cluster/staging/node/caribou.nix
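Review bot: The removed `cluster_nodes` and `admin_nodes` lists pinned one WireGuard `publicKey` per peer, and nothing in the added lines says what now decides which hosts may join the overlay. As far as I know, Wesher admits any host holding the shared cluster key and exchanges WireGuard keys over its gossip channel, so that one secret replaces the per-peer allow-list; how it is provisioned is not visible in this hunk. I would document this next to `services.wesher.join`, for example `# Overlay membership is gated by the Wesher cluster key; keep it out of the Nix store and rotate it when a node leaves`. Because the bootstrap entries are global IPv6 addresses, it is also worth confirming that the firewall exposes only the Wesher ports on them, and that the four removed admin hosts still have a documented access path.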
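Review bot: `deuxfleurs.cluster_ip = "10.14.252.121";` repeats the literal that `services.consul.extraConfig.retry_join` in cluster.nix lists for carcajou, and nothing ties the two together or to the address Wesher actually gives this host. If Wesher derives the overlay address itself rather than taking it from this option (not visible here), a hostname or prefix change would leave services bound to, or joining, a stale address. A comment on the line would make the coupling explicit, e.g. `# Must equal this host's Wesher overlay address and its entry in retry_join (cluster.nix)`. The same applies to the `cluster_ip` lines in the cariacou.nix and caribou.nix hunks. The enclosing attribute set starts and ends outside the hunk.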
@@ -17,16 +17,9 @@
 deuxfleurs.network_interface = "eno1";
 deuxfleurs.lan_ip = "192.168.1.23";
+ deuxfleurs.ipv6 = "2a01:e0a:c:a720::23";
- networking.interfaces.eno1.ipv6.addresses = [
- {
- address = "2a01:e0a:c:a720::23";
- prefixLength = 64;
- }
- ];
-
- deuxfleurs.vpn_ip = "10.42.2.23";
- deuxfleurs.vpn_listen_port = 33723;
+ deuxfleurs.cluster_ip = "10.14.181.82";
 deuxfleurs.is_raft_server = true;
 # Enable netdata monitoring
diff --git a/cluster/staging/site/neptune.nix b/cluster/staging/site/neptune.nix
index 1b80144..38a4bab 100644
--- a/cluster/staging/site/neptune.nix
+++ b/cluster/staging/site/neptune.nix
@@ -4,6 +4,7 @@
 deuxfleurs.site_name = "neptune";
 deuxfleurs.lan_default_gateway = "192.168.1.254";
 deuxfleurs.lan_ip_prefix_length = 24;
+ deuxfleurs.ipv6_prefix_length = 64;
 networking.nameservers = [ "192.168.1.254" ];
-- cgit v1.2.3