From 2aed1f4df20277ab74db70316704620250a7589c Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Sat, 4 Nov 2023 01:38:35 +0100
Subject: [PATCH] cluster/services/storage: add grail to garage cluster

---
 cluster/services/storage/default.nix          |   6 ++--
 cluster/services/storage/garage-layout.nix    |   1 +
 cluster/services/storage/garage.nix           |   2 +-
 .../storage/secrets/garage-rpc-secret.age     | Bin 820 -> 828 bytes
 .../secrets/storage-box-credentials.age       |  30 ++++++++----------
 secrets.nix                                   |   4 +--
 6 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/cluster/services/storage/default.nix b/cluster/services/storage/default.nix
index 8593b38..cb4084e 100644
--- a/cluster/services/storage/default.nix
+++ b/cluster/services/storage/default.nix
@@ -13,10 +13,10 @@ in
     nodes = {
       external = [ "prophet" ];
       heresy = [ "VEGAS" ];
-      garage = [ "prophet" "VEGAS" ];
-      garageConfig = [ "prophet" "VEGAS" ];
+      garage = [ "grail" "prophet" "VEGAS" ];
+      garageConfig = [ "grail" "prophet" "VEGAS" ];
       garageInternal = [ "VEGAS" ];
-      garageExternal = [ "prophet" ];
+      garageExternal = [ "grail" "prophet" ];
     };
     nixos = {
       external = [ ./external.nix ];
diff --git a/cluster/services/storage/garage-layout.nix b/cluster/services/storage/garage-layout.nix
index b8cd96c..6455a51 100644
--- a/cluster/services/storage/garage-layout.nix
+++ b/cluster/services/storage/garage-layout.nix
@@ -3,6 +3,7 @@
   ];
 
   services.garage.layout.initial = {
+    grail = { zone = "eu-central"; capacity = 1000; };
     prophet = { zone = "eu-central"; capacity = 1000; };
     VEGAS = { zone = "eu-central"; capacity = 1000; };
   };
diff --git a/cluster/services/storage/garage.nix b/cluster/services/storage/garage.nix
index a362f07..b49ec67 100644
--- a/cluster/services/storage/garage.nix
+++ b/cluster/services/storage/garage.nix
@@ -30,7 +30,7 @@ in
     enable = true;
     package = depot.packages.garage;
     settings = {
-      replication_mode = "2-dangerous";
+      replication_mode = 3;
       block_size = 16 * 1024 * 1024;
       db_engine = "lmdb";
       metadata_dir = "/var/lib/garage-metadata";
diff --git a/cluster/services/storage/secrets/garage-rpc-secret.age b/cluster/services/storage/secrets/garage-rpc-secret.age
index 1698355d20544ef20de3d7b79219af976abe8f2a..4852626e95bff6dbebecd2dd7beae02505e1e892 100644
GIT binary patch
literal 828
zcmZ9{%j?^8008i@;Ux%yxSL2W!e*#x(xz=L)1+zBJeo(7KE6TamsgWC&wlf2%k<(d
zgCRIigRzOSi$_rydhsBFAOr7CPoCy!xYG{0U4MVUhmRfj9Y1s7v8bXvdpCyx-VjLV
z8d{cN$M;BzB4|`msR7BLd+lVXS}#^3x;y2wTpsLJqdJO`u|g@8xo|Py5Te&E!xjOm
zYzvzt<`$;32tr}E6({RaZ^`dgEKD4J6&IDw1cJF^&TABYGP^Arr}T^*vMVJqy|RR5
z>Mu{61)P2&n=^t9qA@1W`)M`o0%Yihu`^G%GpQ#>)iTVF+Tt+9vBqX<pB!?&MdvKT
zReNlHUeoYwve(hRu1KxEaaWKCG0}uZt<U>bY135JpPhWX0YbwjspbYTGO>+q1Qegg
z4M&T@!*Mt*;x-QkaNV;lO$q@fnK1P|T0gIOy)|DmC|JO`tA$fOsZF37)|gBOw0z=E
zx+5m+jM<4W?colX9|Q#MEsuuf+LP)dskaTmH+qQCv=}?uny@_qn<#l#nuy)@yaoi@
zkaU!*4A3W;Lo@5Tu?w?Cq#VByi%rc1{UDWxkQz$ipxSW(GG4+}IPS8xsSFjcSE!<y
z;+aufBA^?s#Y1gsi5oG^oARZ$3C|W$13Cfp?b1hgb%S5|;C=KRbU{S!ho7J-cb!ii
z7AbwqlRPEcmt3KZG)#w+O|+<#DrK$p_9&E&WEpMGDBvg%>Vp@KSW=J;o|mh&KH#^=
z@kOrFLAAb`5IJ8}wBPSZ5mVtL$O^R<VrL*z2X_?7^YP%+&?$p_e&zS8?$-~{+kcmr
zzyJ2uH%tBY#fzT`kH5S7@xw>2-2COgN6(5kKD&dw{@}~MzK~vh@3nvS&(AJB{qbM<
s?pOZX#hZ_l`@a=8w(8GkKU}!?<fp55{#b)w%^PnK>gJ<ASK&kJf7M+Ya{vGU

literal 820
zcmZ9_JCECR003}Nv0x#F4rS<o)z{+7#YybHV^ykZJGSH4aUOR3I9-SM5x?zAV#jt^
zU|{W1wPIwe)CHE~4xP9|Vn7TCAyoA%90;UShjv0#UGw__zq#i&+|*vxM|qH?``OBC
zZdy>|0lZ%O4cBSoc#DMP5f0iEtk((GM^JKTORm~RGOSBX198h%E>BEEwJZyE8YBy?
z_STRisixv(9emNTH~v)L`e~7eiZW$<+V>p;=@O;``hddA-3@PURkVbIt!ylaWa$LG
z+6I&iB5Sf3_Su}T0s$bsv<|dtt}MA;1|>#8_-JNgGcOosp)HH9qZ{QWoeYvCR@Pj^
zwhlBkHk4?0QyDK?O<<yMXJ~1w1ch4yXbv>75U8*j`aYo+8oTH*MI0+leT~{sx(YB4
z4Wq8_@I%w9!ucwS$8@q~>4mXr=U%<;R^tIW(}dm4>F9hx!5vA?a?^3A3v4nbEY=At
zQtk^Wr+HI`Tav9R461?z2`xZ;h)QM#990u+Wn`%N(kVP-YoIZh34uo!cxJJlFceXA
zcQb{#B2M65#29_PuZ_ue&C+7bN_;cX$C0(fVk4sxPBRiWVSrMVkjY|^GM72cRyuiA
zl30f8>PR$PP?^?*lIm?m>%I73%~0>R`?vOthPQI(YZty3H*Ujw5yZ`g%(6uWOuLlH
z87|Z2s-G~<Or((`oEoJjA5b01)zyL6S#(K~_H*>WQeq;KS}|63Aq+`d2i8nbH)DC^
zL5)TO=2ig!DwyOY8)XHe`nol$(FEWvKj*O8bw+)VOQ>d`EcDeMrzdy*d-289;oGyb
zAAi4b_j~u#%hN~u!f*e6^4Zyk2><2HKfnIwSBQGn{2==2=kCR~zXa-&i|e<aUi<s=
pzp&%SuOD7q`rVJug^vz@7<$M5oQQAEU-H$f%kSp@Up-%r-U0eq7-#?h

diff --git a/cluster/services/storage/secrets/storage-box-credentials.age b/cluster/services/storage/secrets/storage-box-credentials.age
index 2375bad..ca65d14 100644
--- a/cluster/services/storage/secrets/storage-box-credentials.age
+++ b/cluster/services/storage/secrets/storage-box-credentials.age
@@ -1,17 +1,15 @@
 age-encryption.org/v1
--> ssh-ed25519 NO562A wZnh+3ROEclIIvMM4EhbUqytTwEVnODn9ayWAw81QGI
-id77DlK5BwGcJI79icF1dbfODRpAzuW/lmnNFQ9f8lQ
--> ssh-ed25519 5/zT0w +HimE5fwHyw00Mrl+A0OXw3unuqrRL7xBXsn3kLRFy8
-PoVKwvqyWGlPBaQ1ZTGd9gK1kc5w18z7hPJp1GAbZ1E
--> ssh-ed25519 TCgorQ oFe93M5WY5ovlHaNLBwA8LMRcydHtIt66IRzCmnxyQ4
-ni+pTTEFop45tAEBUz6zne9Xgi42+gMTdoVnAQoZUls
--> ssh-ed25519 d3WGuA g3Ku++27IcH9g3xa5NqXz1itzMkIg+qoVo+yX25K1Wk
-Li5Ni2LbyFL8Bv/yCY5pwvK3/y5bS/quMvxnlwu2/7g
--> ssh-ed25519 YIaSKQ 2SMv68txiKxrx+fs2+zMMCEa2SP4appPHlBZgPRRDH8
-xUp17uDntP1VUqrKMh0Hj73TcJh2o2LT7jaR4q7PVjY
--> e['-grease
-ZqwKkCj0096w+J1bHZS2kubJ3egBdMrxFVE12g7AMsKSmq6bC1HyWsFJ2ZMNNVX3
-L04
---- C5zj/EiQIzWfVY4XJp0eNPTfLFXud+cMOBR9/43e1jA
-³õG|HhG…ˆ“r–˜VËÉ²X9÷UÕ
-Ýz˜"¥»Zƒ-“{KzÞµM‡j%*h^V¶EŽÌÒZ¶\¡V>óuYÖ£&ËýD„BŠ)
\ No newline at end of file
+-> ssh-ed25519 NO562A PHvYqFt0SKLLlV8yvTlZWgBbo5lL/9VgNygLdGwBW08
+Y4LGNFRQ53eJajIiEvYX0ITLKWXfU3E5cMRpITJQRxI
+-> ssh-ed25519 5/zT0w DMc8D66EUXIQECXDW9RENl9Um6x1MQzKLaLHBPi4EnM
+KLHhpMkIu0CA7T9kC8KVmwv0/zdFwH5WNhmGjZ+1ij4
+-> ssh-ed25519 P/nEqQ tMZO5xCYpGizYOIgoQ0AQPdcstmrXwEIPEWypj1EIxs
+j59g3jVbAcbbDzHUlIuoP7xINU13kcbtPooUFPQkA+M
+-> ssh-ed25519 d3WGuA G7hzOZC3m8qNMDq5fQ9197zZWIt0vWyRQpNmr2sxn3Y
+m2SZoLXn2lsry8LjM7XaiencDsR/MEg6m+9bPdNSuPE
+-> ssh-ed25519 YIaSKQ 75uZb3+DQeYCbsk6JJuW1ObH3UEpl24SwOyx7YoTwiE
+OXdsQfpQbtpecAQ65JtupnKixv6aUOy8n6Hq1mIuJ2Y
+-> [+D:sv6S-grease i[2I~ [TN1 GP
+sW1AkG7SU4WCdHwMcQVYkVmKV5q217S/8fSHC7AnOsk5R0DApKQHq/ZZFkNOXA
+--- VEJFPU76joc9y2WewqQx/6+sMkM/SYhOdpdP73iUs18
+T´QS¶ý¤"Qö¿8¨«ÄÃ!ZÃéÅE:¯¿}š’wNQ¨]–¯‘xnmI€d–Þdîúy)v#Îmæ>ÙÚ9‡¨CØ	þ‰
\ No newline at end of file
diff --git a/secrets.nix b/secrets.nix
index 7d675c6..afa49aa 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -48,8 +48,8 @@ in with hosts;
   "cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ thunderskin VEGAS prophet ];
   "cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "cluster/services/storage/secrets/external-storage-auth-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
-  "cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
-  "cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
+  "cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
+  "cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
   "cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
   "cluster/services/wireguard/mesh-keys/grail.age".publicKeys = max ++ map systemKeys [ grail ];
   "cluster/services/wireguard/mesh-keys/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
