cluster/simulacrum: allow limiting nodes

cluster/lib/service-module.nix

@@ -1,9 +1,8 @@
-{ config, lib, name, ... }:
+{ config, lib, ... }:
 with lib;
 
 let
   filterGroup = group: hostName: builtins.filter (x: x != hostName) group;
-  serviceName = name;
 in
 
 {
@@ -65,6 +64,11 @@ in
         type = types.deferredModule;
         default = {};
       };
+      availableNodes = mkOption {
+        description = "Nodes to include in the scenario.";
+        type = with types; nullOr (listOf str);
+        default = null;
+      };
     };
   };
   config.otherNodes = builtins.mapAttrs (const filterGroup) config.nodes;

cluster/simulacrum/default.nix

@@ -22,8 +22,10 @@ let
     };
   };
 
-  nodes = lib.attrNames config.gods.fromLight;
-  nodes' = lib.attrNames (config.gods.fromLight // { nowhere = null; });
+  nodesConfigured = config.cluster.config.services.${service}.simulacrum.availableNodes;
+  availableNodes = if nodesConfigured == null then config.gods.fromLight else lib.genAttrs nodesConfigured (_: throw "unreachable");
+  nodes = lib.attrNames availableNodes;
+  nodes' = lib.attrNames (availableNodes // { nowhere = null; });
   digits = lib.attrsets.listToAttrs (lib.zipListsWith lib.nameValuePair nodes' (lib.range 1 255));
   depot' = extendModules {
     modules = [

cluster/simulacrum/nowhere/default.nix

@@ -52,6 +52,8 @@ let
   genHostCert = hostname: genCert [ "--hostname=${hostname}" ] { CN = hostname; };
 
   getNodeAddr = node: (builtins.head config.nodes.${node}.networking.interfaces.eth1.ipv4.addresses).address;
+
+  filterActiveNodes = lib.filterAttrs (node: _: config.nodes ? node);
 in
 
 {
@@ -79,7 +81,7 @@ in
         address = hour.interfaces.primary.addrPublic;
         prefixLength = 32;
         via = getNodeAddr name;
-      }) depot.gods.fromLight;
+      }) (filterActiveNodes depot.gods.fromLight);
       nameservers = map (name: depot.hours.${name}.interfaces.primary.addrPublic) cluster.config.services.dns.nodes.authoritative;
     };
     services.nginx = {