Merge pull request 'The Simulacrum: Stage 5' (#113) from pr-simulacrum-stage-5 into master
Reviewed-on: https://forge.privatevoid.net///privatevoid.net/depot/pulls/113
This commit is contained in:
commit
81e4ae46e6
7 changed files with 95 additions and 17 deletions
|
@ -33,7 +33,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
garage = {
|
||||
garage = config.lib.forService "attic" {
|
||||
keys.attic.locksmith = {
|
||||
nodes = config.services.attic.nodes.server;
|
||||
owner = "atticd";
|
||||
|
@ -48,14 +48,16 @@
|
|||
serverAddrs = map
|
||||
(node: depot.hours.${node}.interfaces.primary.addrPublic)
|
||||
config.services.attic.nodes.server;
|
||||
in {
|
||||
in config.lib.forService "attic" {
|
||||
cache.target = serverAddrs;
|
||||
};
|
||||
|
||||
ways.cache-api = {
|
||||
ways = config.lib.forService "attic" {
|
||||
cache-api = {
|
||||
consulService = "atticd";
|
||||
extras.extraConfig = ''
|
||||
client_max_body_size 4G;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -17,21 +17,25 @@
|
|||
};
|
||||
};
|
||||
|
||||
ways.forge.target = let
|
||||
ways = let
|
||||
host = builtins.head config.services.forge.nodes.server;
|
||||
in config.hostLinks.${host}.forge.url;
|
||||
in config.lib.forService "forge" {
|
||||
forge.target = config.hostLinks.${host}.forge.url;
|
||||
};
|
||||
|
||||
garage = {
|
||||
garage = config.lib.forService "forge" {
|
||||
keys.forgejo.locksmith.nodes = config.services.forge.nodes.server;
|
||||
buckets.forgejo.allow.forgejo = [ "read" "write" ];
|
||||
};
|
||||
|
||||
monitoring.blackbox.targets.forge = {
|
||||
monitoring.blackbox.targets.forge = config.lib.forService "forge" {
|
||||
address = "https://forge.${depot.lib.meta.domain}/api/v1/version";
|
||||
module = "https2xx";
|
||||
};
|
||||
|
||||
dns.records."ssh.forge".target = map
|
||||
dns.records = config.lib.forService "forge" {
|
||||
"ssh.forge".target = map
|
||||
(node: depot.hours.${node}.interfaces.primary.addrPublic)
|
||||
config.services.forge.nodes.server;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -62,7 +62,7 @@
|
|||
lib.unique
|
||||
(map (x: "hci-agent-${x}"))
|
||||
];
|
||||
in {
|
||||
in config.lib.forService "hercules-ci-multi-agent" {
|
||||
keys = lib.genAttrs hciAgentKeys (lib.const {});
|
||||
buckets.nix-store = {
|
||||
allow = lib.genAttrs hciAgentKeys (lib.const [ "read" "write" ]);
|
||||
|
|
|
@ -72,7 +72,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
garage = {
|
||||
garage = config.lib.forService "monitoring" {
|
||||
keys = {
|
||||
loki-ingest.locksmith = {
|
||||
nodes = config.services.monitoring.nodes.logging;
|
||||
|
@ -93,7 +93,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
ways = {
|
||||
ways = config.lib.forService "monitoring" {
|
||||
monitoring = {
|
||||
consulService = "grafana";
|
||||
extras.locations."/".proxyWebsockets = true;
|
||||
|
|
|
@ -3,11 +3,17 @@
|
|||
{
|
||||
imports = [
|
||||
./options
|
||||
./simulacrum/test-data.nix
|
||||
];
|
||||
|
||||
services.ways = {
|
||||
nodes.host = config.services.websites.nodes.host;
|
||||
nixos.host = ./host.nix;
|
||||
simulacrum = {
|
||||
enable = true;
|
||||
deps = [ "nginx" "acme-client" "dns" "certificates" "consul" ];
|
||||
settings = ./simulacrum/test.nix;
|
||||
};
|
||||
};
|
||||
|
||||
dns.records = lib.mapAttrs'
|
||||
|
|
11
cluster/services/ways/simulacrum/test-data.nix
Normal file
11
cluster/services/ways/simulacrum/test-data.nix
Normal file
|
@ -0,0 +1,11 @@
|
|||
{ config, lib, ... }:
|
||||
{
|
||||
ways = lib.mkIf config.simulacrum {
|
||||
ways-test-simple = config.lib.forService "ways" {
|
||||
target = "http://nowhere";
|
||||
};
|
||||
ways-test-consul = config.lib.forService "ways" {
|
||||
consulService = "ways-test-service";
|
||||
};
|
||||
};
|
||||
}
|
55
cluster/services/ways/simulacrum/test.nix
Normal file
55
cluster/services/ways/simulacrum/test.nix
Normal file
|
@ -0,0 +1,55 @@
|
|||
{ cluster, config, lib, ... }:
|
||||
|
||||
let
|
||||
inherit (cluster._module.specialArgs.depot.lib.meta) domain;
|
||||
in
|
||||
|
||||
{
|
||||
nodes = lib.mkMerge [
|
||||
{
|
||||
nowhere = { pkgs, ... }: {
|
||||
networking.firewall.allowedTCPPorts = [ 8080 ];
|
||||
systemd.services.ways-simple-service = let
|
||||
webroot = pkgs.writeTextDir "example.txt" "hello world";
|
||||
in {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.darkhttpd}/bin/darkhttpd ${webroot} --port 8080";
|
||||
DynamicUser = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
(lib.genAttrs cluster.config.services.ways.nodes.host (lib.const {
|
||||
services.nginx.upstreams.nowhere.servers = {
|
||||
"${(builtins.head config.nodes.nowhere.networking.interfaces.eth1.ipv4.addresses).address}:8080" = {};
|
||||
};
|
||||
consul.services.ways-test-service = {
|
||||
unit = "consul";
|
||||
mode = "external";
|
||||
definition = {
|
||||
name = "ways-test-service";
|
||||
address = (builtins.head config.nodes.nowhere.networking.interfaces.eth1.ipv4.addresses).address;
|
||||
port = 8080;
|
||||
};
|
||||
};
|
||||
}))
|
||||
];
|
||||
|
||||
testScript = ''
|
||||
import json
|
||||
nodeNames = json.loads('${builtins.toJSON cluster.config.services.ways.nodes.host}')
|
||||
nodes = [ n for n in machines if n.name in nodeNames ]
|
||||
|
||||
start_all()
|
||||
nowhere.wait_for_unit("multi-user.target")
|
||||
for node in nodes:
|
||||
node.wait_for_unit("multi-user.target")
|
||||
|
||||
with subtest("single-target service"):
|
||||
nowhere.succeed("curl -f https://ways-test-simple.${domain}")
|
||||
|
||||
with subtest("consul-managed service"):
|
||||
nowhere.succeed("curl -f https://ways-test-consul.${domain}")
|
||||
'';
|
||||
}
|
Loading…
Reference in a new issue