cluster/services/storage: add grail to garage cluster

cluster/services/storage/default.nix

@@ -13,10 +13,10 @@ in
     nodes = {
       external = [ "prophet" ];
       heresy = [ "VEGAS" ];
-      garage = [ "prophet" "VEGAS" ];
+      garage = [ "grail" "prophet" "VEGAS" ];
-      garageConfig = [ "prophet" "VEGAS" ];
+      garageConfig = [ "grail" "prophet" "VEGAS" ];
       garageInternal = [ "VEGAS" ];
-      garageExternal = [ "prophet" ];
+      garageExternal = [ "grail" "prophet" ];
     };
     nixos = {
       external = [ ./external.nix ];

cluster/services/storage/garage-layout.nix

@@ -3,6 +3,7 @@
   ];
 
   services.garage.layout.initial = {
+    grail = { zone = "eu-central"; capacity = 1000; };
     prophet = { zone = "eu-central"; capacity = 1000; };
     VEGAS = { zone = "eu-central"; capacity = 1000; };
   };

cluster/services/storage/garage.nix

@@ -30,7 +30,7 @@ in
     enable = true;
     package = depot.packages.garage;
     settings = {
-      replication_mode = "2-dangerous";
+      replication_mode = 3;
       block_size = 16 * 1024 * 1024;
       db_engine = "lmdb";
       metadata_dir = "/var/lib/garage-metadata";

cluster/services/storage/secrets/storage-box-credentials.age

@@ -1,17 +1,15 @@
 age-encryption.org/v1
--> ssh-ed25519 NO562A wZnh+3ROEclIIvMM4EhbUqytTwEVnODn9ayWAw81QGI
+-> ssh-ed25519 NO562A PHvYqFt0SKLLlV8yvTlZWgBbo5lL/9VgNygLdGwBW08
-id77DlK5BwGcJI79icF1dbfODRpAzuW/lmnNFQ9f8lQ
+Y4LGNFRQ53eJajIiEvYX0ITLKWXfU3E5cMRpITJQRxI
--> ssh-ed25519 5/zT0w +HimE5fwHyw00Mrl+A0OXw3unuqrRL7xBXsn3kLRFy8
+-> ssh-ed25519 5/zT0w DMc8D66EUXIQECXDW9RENl9Um6x1MQzKLaLHBPi4EnM
-PoVKwvqyWGlPBaQ1ZTGd9gK1kc5w18z7hPJp1GAbZ1E
+KLHhpMkIu0CA7T9kC8KVmwv0/zdFwH5WNhmGjZ+1ij4
--> ssh-ed25519 TCgorQ oFe93M5WY5ovlHaNLBwA8LMRcydHtIt66IRzCmnxyQ4
+-> ssh-ed25519 P/nEqQ tMZO5xCYpGizYOIgoQ0AQPdcstmrXwEIPEWypj1EIxs
-ni+pTTEFop45tAEBUz6zne9Xgi42+gMTdoVnAQoZUls
+j59g3jVbAcbbDzHUlIuoP7xINU13kcbtPooUFPQkA+M
--> ssh-ed25519 d3WGuA g3Ku++27IcH9g3xa5NqXz1itzMkIg+qoVo+yX25K1Wk
+-> ssh-ed25519 d3WGuA G7hzOZC3m8qNMDq5fQ9197zZWIt0vWyRQpNmr2sxn3Y
-Li5Ni2LbyFL8Bv/yCY5pwvK3/y5bS/quMvxnlwu2/7g
+m2SZoLXn2lsry8LjM7XaiencDsR/MEg6m+9bPdNSuPE
--> ssh-ed25519 YIaSKQ 2SMv68txiKxrx+fs2+zMMCEa2SP4appPHlBZgPRRDH8
+-> ssh-ed25519 YIaSKQ 75uZb3+DQeYCbsk6JJuW1ObH3UEpl24SwOyx7YoTwiE
-xUp17uDntP1VUqrKMh0Hj73TcJh2o2LT7jaR4q7PVjY
+OXdsQfpQbtpecAQ65JtupnKixv6aUOy8n6Hq1mIuJ2Y
--> e['-grease
+-> [+D:sv6S-grease i[2I~ [TN1 GP
-ZqwKkCj0096w+J1bHZS2kubJ3egBdMrxFVE12g7AMsKSmq6bC1HyWsFJ2ZMNNVX3
+sW1AkG7SU4WCdHwMcQVYkVmKV5q217S/8fSHC7AnOsk5R0DApKQHq/ZZFkNOXA
-L04
+--- VEJFPU76joc9y2WewqQx/6+sMkM/SYhOdpdP73iUs18
---- C5zj/EiQIzWfVY4XJp0eNPTfLFXud+cMOBR9/43e1jA
+T´<EFBFBD>QS¶ý¤"Qö¿8¨«ÄÃ!ZÃéÅE:¯¿}š’wNQ¨]–¯‘xnmI€d–Þdîúy
)v#<23>Îmæ>ÙÚ9‡¨CØ	þ‰
-³õG|HhG…ˆ“r–˜VËɲX9÷UÕ<55>
-Ýz˜"¥»Zƒ-“{KzÞ<>µM‡j%*h^V¶EŽÌÒZ¶\¡V>óuYÖ£&ËýD„BŠ)

secrets.nix

@@ -48,8 +48,8 @@ in with hosts;
   "cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ thunderskin VEGAS prophet ];
   "cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "cluster/services/storage/secrets/external-storage-auth-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
-  "cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
+  "cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
-  "cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
+  "cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
   "cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
   "cluster/services/wireguard/mesh-keys/grail.age".publicKeys = max ++ map systemKeys [ grail ];
   "cluster/services/wireguard/mesh-keys/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];