Merge pull request 'The Simulacrum: Stage 5' (#113) from pr-simulacrum-stage-5 into master

Reviewed-on: https://forge.privatevoid.net///privatevoid.net/depot/pulls/113
2024-08-16 20:54:11 +03:00 · 2024-08-16 20:54:11 +03:00 · 81e4ae46e6
commit 81e4ae46e6
parent 5a68c052a9 f4f35c3ae3
7 changed files with 95 additions and 17 deletions
--- a/cluster/services/attic/default.nix
+++ b/cluster/services/attic/default.nix
@ -33,7 +33,7 @@
    };
  };

-  garage = {
+  garage = config.lib.forService "attic" {
    keys.attic.locksmith = {
      nodes = config.services.attic.nodes.server;
      owner = "atticd";
@ -48,14 +48,16 @@
    serverAddrs = map
      (node: depot.hours.${node}.interfaces.primary.addrPublic)
      config.services.attic.nodes.server;
-  in {
+  in config.lib.forService "attic" {
    cache.target = serverAddrs;
  };

-  ways.cache-api = {
+  ways = config.lib.forService "attic" {
+    cache-api = {
      consulService = "atticd";
      extras.extraConfig = ''
        client_max_body_size 4G;
      '';
    };
+  };
 }
--- a/cluster/services/forge/default.nix
+++ b/cluster/services/forge/default.nix
@ -17,21 +17,25 @@
    };
  };

-  ways.forge.target = let
+  ways = let
    host = builtins.head config.services.forge.nodes.server;
-  in config.hostLinks.${host}.forge.url;
+  in config.lib.forService "forge" {
+    forge.target = config.hostLinks.${host}.forge.url;
+  };

-  garage = {
+  garage = config.lib.forService "forge" {
    keys.forgejo.locksmith.nodes = config.services.forge.nodes.server;
    buckets.forgejo.allow.forgejo = [ "read" "write" ];
  };

-  monitoring.blackbox.targets.forge = {
+  monitoring.blackbox.targets.forge = config.lib.forService "forge" {
    address = "https://forge.${depot.lib.meta.domain}/api/v1/version";
    module = "https2xx";
  };

-  dns.records."ssh.forge".target = map
+  dns.records = config.lib.forService "forge" {
+    "ssh.forge".target = map
      (node: depot.hours.${node}.interfaces.primary.addrPublic)
      config.services.forge.nodes.server;
+  };
 }
--- a/cluster/services/hercules-ci-multi-agent/default.nix
+++ b/cluster/services/hercules-ci-multi-agent/default.nix
@ -62,7 +62,7 @@
      lib.unique
      (map (x: "hci-agent-${x}"))
    ];
-  in {
+  in config.lib.forService "hercules-ci-multi-agent" {
    keys = lib.genAttrs hciAgentKeys (lib.const {});
    buckets.nix-store = {
      allow = lib.genAttrs hciAgentKeys (lib.const [ "read" "write" ]);
--- a/cluster/services/monitoring/default.nix
+++ b/cluster/services/monitoring/default.nix
@ -72,7 +72,7 @@ in
    };
  };

-  garage = {
+  garage = config.lib.forService "monitoring" {
    keys = {
      loki-ingest.locksmith = {
        nodes = config.services.monitoring.nodes.logging;
@ -93,7 +93,7 @@ in
    };
  };

-  ways = {
+  ways = config.lib.forService "monitoring" {
    monitoring = {
      consulService = "grafana";
      extras.locations."/".proxyWebsockets = true;
--- a/cluster/services/ways/default.nix
+++ b/cluster/services/ways/default.nix
@ -3,11 +3,17 @@
 {
  imports = [
    ./options
+    ./simulacrum/test-data.nix
  ];

  services.ways = {
    nodes.host = config.services.websites.nodes.host;
    nixos.host = ./host.nix;
+    simulacrum = {
+      enable = true;
+      deps = [ "nginx" "acme-client" "dns" "certificates" "consul" ];
+      settings = ./simulacrum/test.nix;
+    };
  };

  dns.records = lib.mapAttrs'
--- a/cluster/services/ways/simulacrum/test-data.nix
+++ b/cluster/services/ways/simulacrum/test-data.nix
@ -0,0 +1,11 @@
+{ config, lib, ... }:
+{
+  ways = lib.mkIf config.simulacrum {
+    ways-test-simple = config.lib.forService "ways" {
+      target = "http://nowhere";
+    };
+    ways-test-consul = config.lib.forService "ways" {
+      consulService = "ways-test-service";
+    };
+  };
+}
--- a/cluster/services/ways/simulacrum/test.nix
+++ b/cluster/services/ways/simulacrum/test.nix
@ -0,0 +1,55 @@
+{ cluster, config, lib, ... }:
+
+let
+  inherit (cluster._module.specialArgs.depot.lib.meta) domain;
+in
+
+{
+  nodes = lib.mkMerge [
+    {
+      nowhere = { pkgs, ... }: {
+        networking.firewall.allowedTCPPorts = [ 8080 ];
+        systemd.services.ways-simple-service = let
+          webroot = pkgs.writeTextDir "example.txt" "hello world";
+        in {
+          wantedBy = [ "multi-user.target" ];
+          serviceConfig = {
+            ExecStart = "${pkgs.darkhttpd}/bin/darkhttpd ${webroot} --port 8080";
+            DynamicUser = true;
+          };
+        };
+      };
+    }
+    (lib.genAttrs cluster.config.services.ways.nodes.host (lib.const {
+      services.nginx.upstreams.nowhere.servers = {
+        "${(builtins.head config.nodes.nowhere.networking.interfaces.eth1.ipv4.addresses).address}:8080" = {};
+      };
+      consul.services.ways-test-service = {
+        unit = "consul";
+        mode = "external";
+        definition = {
+          name = "ways-test-service";
+          address = (builtins.head config.nodes.nowhere.networking.interfaces.eth1.ipv4.addresses).address;
+          port = 8080;
+        };
+      };
+    }))
+  ];
+
+  testScript = ''
+    import json
+    nodeNames = json.loads('${builtins.toJSON cluster.config.services.ways.nodes.host}')
+    nodes = [ n for n in machines if n.name in nodeNames ]
+
+    start_all()
+    nowhere.wait_for_unit("multi-user.target")
+    for node in nodes:
+      node.wait_for_unit("multi-user.target")
+
+    with subtest("single-target service"):
+      nowhere.succeed("curl -f https://ways-test-simple.${domain}")
+
+    with subtest("consul-managed service"):
+      nowhere.succeed("curl -f https://ways-test-consul.${domain}")
+  '';
+}