privatevoid.net/depot
1
1
Fork 0
Code Issues 23 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

Merge pull request 'The Simulacrum: Stage 5' (#113) from pr-simulacrum-stage-5 into master

Browse source 
Reviewed-on: https://forge.privatevoid.net///privatevoid.net/depot/pulls/113
This commit is contained in:
Max Headroom 2024-08-16 20:54:11 +03:00
commit 81e4ae46e6
7 changed files with 95 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
cluster/services/attic/default.nix
View file

@ -33,7 +33,7 @@
}; };
}; };
garage = { garage = config.lib.forService "attic" {
keys.attic.locksmith = { keys.attic.locksmith = {
nodes = config.services.attic.nodes.server; nodes = config.services.attic.nodes.server;
owner = "atticd"; owner = "atticd";
@ -48,14 +48,16 @@
serverAddrs = map serverAddrs = map
(node: depot.hours.${node}.interfaces.primary.addrPublic) (node: depot.hours.${node}.interfaces.primary.addrPublic)
config.services.attic.nodes.server; config.services.attic.nodes.server;
in { in config.lib.forService "attic" {
cache.target = serverAddrs; cache.target = serverAddrs;
}; };
ways.cache-api = { ways = config.lib.forService "attic" {
cache-api = {
consulService = "atticd"; consulService = "atticd";
extras.extraConfig = '' extras.extraConfig = ''
client_max_body_size 4G; client_max_body_size 4G;
''; '';
}; };
};
} }

14
cluster/services/forge/default.nix
View file

@ -17,21 +17,25 @@
}; };
}; };
ways.forge.target = let ways = let
host = builtins.head config.services.forge.nodes.server; host = builtins.head config.services.forge.nodes.server;
in config.hostLinks.${host}.forge.url; in config.lib.forService "forge" {
forge.target = config.hostLinks.${host}.forge.url;
};
garage = { garage = config.lib.forService "forge" {
keys.forgejo.locksmith.nodes = config.services.forge.nodes.server; keys.forgejo.locksmith.nodes = config.services.forge.nodes.server;
buckets.forgejo.allow.forgejo = [ "read" "write" ]; buckets.forgejo.allow.forgejo = [ "read" "write" ];
}; };
monitoring.blackbox.targets.forge = { monitoring.blackbox.targets.forge = config.lib.forService "forge" {
address = "https://forge.${depot.lib.meta.domain}/api/v1/version"; address = "https://forge.${depot.lib.meta.domain}/api/v1/version";
module = "https2xx"; module = "https2xx";
}; };
dns.records."ssh.forge".target = map dns.records = config.lib.forService "forge" {
"ssh.forge".target = map
(node: depot.hours.${node}.interfaces.primary.addrPublic) (node: depot.hours.${node}.interfaces.primary.addrPublic)
config.services.forge.nodes.server; config.services.forge.nodes.server;
};
} }

2
cluster/services/hercules-ci-multi-agent/default.nix
View file

@ -62,7 +62,7 @@
lib.unique lib.unique
(map (x: "hci-agent-${x}")) (map (x: "hci-agent-${x}"))
]; ];
in { in config.lib.forService "hercules-ci-multi-agent" {
keys = lib.genAttrs hciAgentKeys (lib.const {}); keys = lib.genAttrs hciAgentKeys (lib.const {});
buckets.nix-store = { buckets.nix-store = {
allow = lib.genAttrs hciAgentKeys (lib.const [ "read" "write" ]); allow = lib.genAttrs hciAgentKeys (lib.const [ "read" "write" ]);

4
cluster/services/monitoring/default.nix
View file

@ -72,7 +72,7 @@ in
}; };
}; };
garage = { garage = config.lib.forService "monitoring" {
keys = { keys = {
loki-ingest.locksmith = { loki-ingest.locksmith = {
nodes = config.services.monitoring.nodes.logging; nodes = config.services.monitoring.nodes.logging;
@ -93,7 +93,7 @@ in
}; };
}; };
ways = { ways = config.lib.forService "monitoring" {
monitoring = { monitoring = {
consulService = "grafana"; consulService = "grafana";
extras.locations."/".proxyWebsockets = true; extras.locations."/".proxyWebsockets = true;

6
cluster/services/ways/default.nix
View file

@ -3,11 +3,17 @@
{ {
imports = [ imports = [
./options ./options
./simulacrum/test-data.nix
]; ];
services.ways = { services.ways = {
nodes.host = config.services.websites.nodes.host; nodes.host = config.services.websites.nodes.host;
nixos.host = ./host.nix; nixos.host = ./host.nix;
simulacrum = {
enable = true;
deps = [ "nginx" "acme-client" "dns" "certificates" "consul" ];
settings = ./simulacrum/test.nix;
};
}; };
dns.records = lib.mapAttrs' dns.records = lib.mapAttrs'

11
cluster/services/ways/simulacrum/test-data.nix Normal file
View file

@ -0,0 +1,11 @@
{ config, lib, ... }:
{
ways = lib.mkIf config.simulacrum {
ways-test-simple = config.lib.forService "ways" {
target = "http://nowhere";
};
ways-test-consul = config.lib.forService "ways" {
consulService = "ways-test-service";
};
};
}

55
cluster/services/ways/simulacrum/test.nix Normal file
View file

@ -0,0 +1,55 @@
{ cluster, config, lib, ... }:
let
inherit (cluster._module.specialArgs.depot.lib.meta) domain;
in
{
nodes = lib.mkMerge [
{
nowhere = { pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 8080 ];
systemd.services.ways-simple-service = let
webroot = pkgs.writeTextDir "example.txt" "hello world";
in {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.darkhttpd}/bin/darkhttpd ${webroot} --port 8080";
DynamicUser = true;
};
};
};
}
(lib.genAttrs cluster.config.services.ways.nodes.host (lib.const {
services.nginx.upstreams.nowhere.servers = {
"${(builtins.head config.nodes.nowhere.networking.interfaces.eth1.ipv4.addresses).address}:8080" = {};
};
consul.services.ways-test-service = {
unit = "consul";
mode = "external";
definition = {
name = "ways-test-service";
address = (builtins.head config.nodes.nowhere.networking.interfaces.eth1.ipv4.addresses).address;
port = 8080;
};
};
}))
];
testScript = ''
import json
nodeNames = json.loads('${builtins.toJSON cluster.config.services.ways.nodes.host}')
nodes = [ n for n in machines if n.name in nodeNames ]
start_all()
nowhere.wait_for_unit("multi-user.target")
for node in nodes:
node.wait_for_unit("multi-user.target")
with subtest("single-target service"):
nowhere.succeed("curl -f https://ways-test-simple.${domain}")
with subtest("consul-managed service"):
nowhere.succeed("curl -f https://ways-test-consul.${domain}")
'';
}