From 757e7ef54caf63de1683c7862f1aa8b0a773f535 Mon Sep 17 00:00:00 2001
From: Max
Date: Sat, 20 Jul 2024 23:52:16 +0200
Subject: [PATCH] cluster/services/frangiclave: some cluster stuff
---
 cluster/services/frangiclave/default.nix | 10 +++++++++-
 cluster/services/frangiclave/server.nix | 17 ++++++++++++++++-
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/cluster/services/frangiclave/default.nix b/cluster/services/frangiclave/default.nix
index 9f01461..a64aa9b 100644
--- a/cluster/services/frangiclave/default.nix
+++ b/cluster/services/frangiclave/default.nix
@@ -1,13 +1,21 @@
+{ config, ... }:
+
 {
 services.frangiclave = {
 nodes = {
- server = [ "VEGAS" "grail" "prophet" ]; # 3 reliable nodes
+ server = [ "VEGAS" "grail" "prophet" ];
+ cluster = config.services.frangiclave.nodes.server;
 agent = []; # all nodes, for vault-agent, secret templates, etc.
 };
+ meshLinks = {
+ server.link.protocol = "http";
+ cluster.link.protocol = "http";
+ };
 nixos = {
 server = [
 ./server.nix
 ];
+ cluster = [];
 agent = [];
 };
 };
diff --git a/cluster/services/frangiclave/server.nix b/cluster/services/frangiclave/server.nix
index 0c83ab1..f09806d 100644
--- a/cluster/services/frangiclave/server.nix
+++ b/cluster/services/frangiclave/server.nix
@@ -1,8 +1,23 @@
-{ depot, ... }:
+{ cluster, config, depot, ... }:
+
+let
+ apiLink = cluster.config.hostLinks.${config.networking.hostName}.frangiclave-server;
+ clusterLink = cluster.config.hostLinks.${config.networking.hostName}.frangiclave-cluster;
+in
 
 {
 services.vault = {
 enable = true;
 package = depot.packages.openbao;
+ address = apiLink.tuple;
+ extraConfig = /*hcl*/ ''
+ api_addr = "${apiLink.url}"
+ cluster_addr = "${clusterLink.url}"
+ '';
+
+ storageBackend = "raft";
+ storageConfig = /*hcl*/ ''
+ node_id = "x${builtins.hashString "sha256" "frangiclave-node-${config.networking.hostName}"}"
+ '';
 };
 }
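Review bot: Both `meshLinks` entries in default.nix declare `protocol = "http"`, so the `api_addr` that server.nix builds from `apiLink.url` advertises the secret store's API over plaintext, and the listener bound via `address = apiLink.tuple` is given no certificate in that hunk either. If these links only ever ride an encrypted overlay, that is not visible in this patch and deserves a comment next to the block, e.g. `# plaintext HTTP is acceptable only because the mesh transport is encrypted`. Otherwise tokens and secret payloads cross the network in the clear, and the listener should be given `tlsCertFile`/`tlsKeyFile`, with the link protocol changed to match. The same hunk drops the `# 3 reliable nodes` comment, the only hint that the list is sized deliberately; since `cluster` now aliases `server`, a short comment saying the list is also the storage cluster membership would help.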
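Review bot: The `raft` storage stanza in server.nix sets only `node_id` and has no `retry_join` block, so as far as this hunk shows the servers will not find each other on their own and each must be joined by hand after start-up. If that is the intended interim state, a comment above `storageBackend = "raft";` should say so, e.g. `# peers are joined manually for now; no retry_join yet`, so nobody initialises the nodes separately and ends up with independent stores. The `node_id` line would also benefit from a one-line comment explaining why the host name is hashed and prefixed with `x` rather than used directly, since the reason is not derivable from the expression.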