diff --git a/cluster/services/attic/default.nix b/cluster/services/attic/default.nix index 2f57697..814e8f6 100644 --- a/cluster/services/attic/default.nix +++ b/cluster/services/attic/default.nix @@ -33,7 +33,7 @@ }; }; - garage = { + garage = config.lib.forService "attic" { keys.attic.locksmith = { nodes = config.services.attic.nodes.server; owner = "atticd"; @@ -48,14 +48,16 @@ serverAddrs = map (node: depot.hours.${node}.interfaces.primary.addrPublic) config.services.attic.nodes.server; - in { + in config.lib.forService "attic" { cache.target = serverAddrs; }; - ways.cache-api = { - consulService = "atticd"; - extras.extraConfig = '' - client_max_body_size 4G; - ''; + ways = config.lib.forService "attic" { + cache-api = { + consulService = "atticd"; + extras.extraConfig = '' + client_max_body_size 4G; + ''; + }; }; } diff --git a/cluster/services/forge/default.nix b/cluster/services/forge/default.nix index 6bc14a5..e8776d9 100644 --- a/cluster/services/forge/default.nix +++ b/cluster/services/forge/default.nix @@ -17,21 +17,25 @@ }; }; - ways.forge.target = let + ways = let host = builtins.head config.services.forge.nodes.server; - in config.hostLinks.${host}.forge.url; + in config.lib.forService "forge" { + forge.target = config.hostLinks.${host}.forge.url; + }; - garage = { + garage = config.lib.forService "forge" { keys.forgejo.locksmith.nodes = config.services.forge.nodes.server; buckets.forgejo.allow.forgejo = [ "read" "write" ]; }; - monitoring.blackbox.targets.forge = { + monitoring.blackbox.targets.forge = config.lib.forService "forge" { address = "https://forge.${depot.lib.meta.domain}/api/v1/version"; module = "https2xx"; }; - dns.records."ssh.forge".target = map - (node: depot.hours.${node}.interfaces.primary.addrPublic) - config.services.forge.nodes.server; + dns.records = config.lib.forService "forge" { + "ssh.forge".target = map + (node: depot.hours.${node}.interfaces.primary.addrPublic) + config.services.forge.nodes.server; + }; } 
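Review bot: In the forge hunk, `monitoring.blackbox.targets.forge = config.lib.forService "forge" { address = …; module = …; }` wraps the fields of one target, while `ways`, `garage` and `dns.records` in the same hunk wrap the whole collection of entries. The definition of `forService` is not part of this diff, so it is unclear whether both placements behave the same. If it is a plain condition they would, but if it tags or filters the entries of the attrset it receives, `address` and `module` would be treated as entries here. Using one level throughout would remove the doubt, e.g. `monitoring.blackbox.targets = config.lib.forService "forge" { forge = { … }; };`, or a comment at the call site could say that either level is valid. The new `simulacrum/test-data.nix` also wraps per entry, so the same question applies there.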
diff --git a/cluster/services/hercules-ci-multi-agent/default.nix b/cluster/services/hercules-ci-multi-agent/default.nix index 5bc6442..67515ee 100644 --- a/cluster/services/hercules-ci-multi-agent/default.nix +++ b/cluster/services/hercules-ci-multi-agent/default.nix @@ -62,7 +62,7 @@ lib.unique (map (x: "hci-agent-${x}")) ]; - in { + in config.lib.forService "hercules-ci-multi-agent" { keys = lib.genAttrs hciAgentKeys (lib.const {}); buckets.nix-store = { allow = lib.genAttrs hciAgentKeys (lib.const [ "read" "write" ]); diff --git a/cluster/services/monitoring/default.nix b/cluster/services/monitoring/default.nix index 459616e..1678fe3 100644 --- a/cluster/services/monitoring/default.nix +++ b/cluster/services/monitoring/default.nix @@ -72,7 +72,7 @@ in }; }; - garage = { + garage = config.lib.forService "monitoring" { keys = { loki-ingest.locksmith = { nodes = config.services.monitoring.nodes.logging; @@ -93,7 +93,7 @@ in }; }; - ways = { + ways = config.lib.forService "monitoring" { monitoring = { consulService = "grafana"; extras.locations."/".proxyWebsockets = true; diff --git a/cluster/services/ways/default.nix b/cluster/services/ways/default.nix index 013d697..67ff6ef 100644 --- a/cluster/services/ways/default.nix +++ b/cluster/services/ways/default.nix @@ -3,11 +3,17 @@ { imports = [ ./options + ./simulacrum/test-data.nix ]; services.ways = { nodes.host = config.services.websites.nodes.host; nixos.host = ./host.nix; + simulacrum = { + enable = true; + deps = [ "nginx" "acme-client" "dns" "certificates" "consul" ]; + settings = ./simulacrum/test.nix; + }; }; dns.records = lib.mapAttrs' diff --git a/cluster/services/ways/simulacrum/test-data.nix b/cluster/services/ways/simulacrum/test-data.nix new file mode 100644 index 0000000..4a6cd15 --- /dev/null +++ b/cluster/services/ways/simulacrum/test-data.nix 
@@ -0,0 +1,11 @@
+{ config, lib, ... }:
+{
+ ways = lib.mkIf config.simulacrum {
+ ways-test-simple = config.lib.forService "ways" {
+ target = "http://nowhere";
+ };
+ ways-test-consul = config.lib.forService "ways" {
+ consulService = "ways-test-service";
+ };
+ };
+}
diff --git a/cluster/services/ways/simulacrum/test.nix b/cluster/services/ways/simulacrum/test.nix
new file mode 100644
index 0000000..e2b3b8e
--- /dev/null
+++ b/cluster/services/ways/simulacrum/test.nix
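Review bot: Nothing in `test-data.nix` records that `lib.mkIf config.simulacrum` is the only thing keeping `ways-test-simple` and `ways-test-consul` out of a real deployment, even though `cluster/services/ways/default.nix` now imports the file unconditionally. If that guard were dropped or the option defaulted differently, both names would become ordinary `ways` entries, one of them proxying to plain `http://nowhere`. A comment above `ways = …` would make this explicit, for example `# Test-only vhosts: this file is always imported, so the mkIf is what keeps them out of non-simulacrum builds.` The declaration of `config.simulacrum` is not visible in this diff, so its default is worth confirming.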
@@ -0,0 +1,55 @@
+{ cluster, config, lib, ... }:
+
+let
+ inherit (cluster._module.specialArgs.depot.lib.meta) domain;
+in
+
+{
+ nodes = lib.mkMerge [
+ {
+ nowhere = { pkgs, ... }: {
+ networking.firewall.allowedTCPPorts = [ 8080 ];
+ systemd.services.ways-simple-service = let
+ webroot = pkgs.writeTextDir "example.txt" "hello world";
+ in {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.darkhttpd}/bin/darkhttpd ${webroot} --port 8080";
+ DynamicUser = true;
+ };
+ };
+ };
+ }
+ (lib.genAttrs cluster.config.services.ways.nodes.host (lib.const {
+ services.nginx.upstreams.nowhere.servers = {
+ "${(builtins.head config.nodes.nowhere.networking.interfaces.eth1.ipv4.addresses).address}:8080" = {};
+ };
+ consul.services.ways-test-service = {
+ unit = "consul";
+ mode = "external";
+ definition = {
+ name = "ways-test-service";
+ address = (builtins.head config.nodes.nowhere.networking.interfaces.eth1.ipv4.addresses).address;
+ port = 8080;
+ };
+ };
+ }))
+ ];
+
+ testScript = ''
+ import json
+ nodeNames = json.loads('${builtins.toJSON cluster.config.services.ways.nodes.host}')
+ nodes = [ n for n in machines if n.name in nodeNames ]
+
+ start_all()
+ nowhere.wait_for_unit("multi-user.target")
+ for node in nodes:
+ node.wait_for_unit("multi-user.target")
+
+ with subtest("single-target service"):
+ nowhere.succeed("curl -f https://ways-test-simple.${domain}")
+
+ with subtest("consul-managed service"):
+ nowhere.succeed("curl -f https://ways-test-consul.${domain}")
+ '';
+}
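Review bot: Both subtests in `testScript` pass on any successful HTTPS response, because `curl -f` only fails on an HTTP error status; neither shows that the request was actually proxied to darkhttpd on `nowhere`. A vhost that resolves to the wrong upstream or serves a default page would still pass. The webroot holds `example.txt` containing `hello world`, so each subtest can fetch that path and check the body, e.g. `assert "hello world" in nowhere.succeed("curl -f https://ways-test-simple.${domain}/example.txt")`, and the same for `ways-test-consul`. Separately, the expression `(builtins.head config.nodes.nowhere.networking.interfaces.eth1.ipv4.addresses).address` is written out twice and could be bound once in the top-level `let`.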