Merge pull request 'The Simulacrum: Stage 5' (#113) from pr-simulacrum-stage-5 into master

Reviewed-on: https://forge.privatevoid.net///privatevoid.net/depot/pulls/113
This commit is contained in:
Max Headroom 2024-08-16 20:54:11 +03:00
commit 81e4ae46e6
7 changed files with 95 additions and 17 deletions

View file

@ -33,7 +33,7 @@
};
};
garage = {
garage = config.lib.forService "attic" {
keys.attic.locksmith = {
nodes = config.services.attic.nodes.server;
owner = "atticd";
@ -48,14 +48,16 @@
serverAddrs = map
(node: depot.hours.${node}.interfaces.primary.addrPublic)
config.services.attic.nodes.server;
in {
in config.lib.forService "attic" {
cache.target = serverAddrs;
};
ways.cache-api = {
ways = config.lib.forService "attic" {
cache-api = {
consulService = "atticd";
extras.extraConfig = ''
client_max_body_size 4G;
'';
};
};
}

View file

@ -17,21 +17,25 @@
};
};
ways.forge.target = let
ways = let
host = builtins.head config.services.forge.nodes.server;
in config.hostLinks.${host}.forge.url;
in config.lib.forService "forge" {
forge.target = config.hostLinks.${host}.forge.url;
};
garage = {
garage = config.lib.forService "forge" {
keys.forgejo.locksmith.nodes = config.services.forge.nodes.server;
buckets.forgejo.allow.forgejo = [ "read" "write" ];
};
monitoring.blackbox.targets.forge = {
monitoring.blackbox.targets.forge = config.lib.forService "forge" {
address = "https://forge.${depot.lib.meta.domain}/api/v1/version";
module = "https2xx";
};
dns.records."ssh.forge".target = map
dns.records = config.lib.forService "forge" {
"ssh.forge".target = map
(node: depot.hours.${node}.interfaces.primary.addrPublic)
config.services.forge.nodes.server;
};
}

View file

@ -62,7 +62,7 @@
lib.unique
(map (x: "hci-agent-${x}"))
];
in {
in config.lib.forService "hercules-ci-multi-agent" {
keys = lib.genAttrs hciAgentKeys (lib.const {});
buckets.nix-store = {
allow = lib.genAttrs hciAgentKeys (lib.const [ "read" "write" ]);

View file

@ -72,7 +72,7 @@ in
};
};
garage = {
garage = config.lib.forService "monitoring" {
keys = {
loki-ingest.locksmith = {
nodes = config.services.monitoring.nodes.logging;
@ -93,7 +93,7 @@ in
};
};
ways = {
ways = config.lib.forService "monitoring" {
monitoring = {
consulService = "grafana";
extras.locations."/".proxyWebsockets = true;

View file

@ -3,11 +3,17 @@
{
imports = [
./options
./simulacrum/test-data.nix
];
services.ways = {
nodes.host = config.services.websites.nodes.host;
nixos.host = ./host.nix;
simulacrum = {
enable = true;
deps = [ "nginx" "acme-client" "dns" "certificates" "consul" ];
settings = ./simulacrum/test.nix;
};
};
dns.records = lib.mapAttrs'

View file

@ -0,0 +1,11 @@
{ config, lib, ... }:
{
ways = lib.mkIf config.simulacrum {
ways-test-simple = config.lib.forService "ways" {
target = "http://nowhere";
};
ways-test-consul = config.lib.forService "ways" {
consulService = "ways-test-service";
};
};
}

View file

@ -0,0 +1,55 @@
{ cluster, config, lib, ... }:
let
inherit (cluster._module.specialArgs.depot.lib.meta) domain;
in
{
nodes = lib.mkMerge [
{
nowhere = { pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 8080 ];
systemd.services.ways-simple-service = let
webroot = pkgs.writeTextDir "example.txt" "hello world";
in {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.darkhttpd}/bin/darkhttpd ${webroot} --port 8080";
DynamicUser = true;
};
};
};
}
(lib.genAttrs cluster.config.services.ways.nodes.host (lib.const {
services.nginx.upstreams.nowhere.servers = {
"${(builtins.head config.nodes.nowhere.networking.interfaces.eth1.ipv4.addresses).address}:8080" = {};
};
consul.services.ways-test-service = {
unit = "consul";
mode = "external";
definition = {
name = "ways-test-service";
address = (builtins.head config.nodes.nowhere.networking.interfaces.eth1.ipv4.addresses).address;
port = 8080;
};
};
}))
];
testScript = ''
import json
nodeNames = json.loads('${builtins.toJSON cluster.config.services.ways.nodes.host}')
nodes = [ n for n in machines if n.name in nodeNames ]
start_all()
nowhere.wait_for_unit("multi-user.target")
for node in nodes:
node.wait_for_unit("multi-user.target")
with subtest("single-target service"):
nowhere.succeed("curl -f https://ways-test-simple.${domain}")
with subtest("consul-managed service"):
nowhere.succeed("curl -f https://ways-test-consul.${domain}")
'';
}