cluster/services/frangiclave: some cluster stuff

2024-07-20 23:52:16 +02:00 · 2024-07-20 23:52:16 +02:00 · ebc9b88c8d
commit ebc9b88c8d
parent ea3414c427
2 changed files with 25 additions and 2 deletions
--- a/cluster/services/frangiclave/default.nix
+++ b/cluster/services/frangiclave/default.nix
@ -1,13 +1,21 @@
+{ config, ... }:
+
 {
  services.frangiclave = {
    nodes = {
-      server = [ "VEGAS" "grail" "prophet" ]; # 3 reliable nodes
+      server = [ "VEGAS" "grail" "prophet" ];
+      cluster = config.services.frangiclave.nodes.server;
      agent = []; # all nodes, for vault-agent, secret templates, etc.
    };
+    meshLinks = {
+      server.link.protocol = "http";
+      cluster.link.protocol = "http";
+    };
    nixos = {
      server = [
        ./server.nix
      ];
+      cluster = [];
      agent = [];
    };
  };
--- a/cluster/services/frangiclave/server.nix
+++ b/cluster/services/frangiclave/server.nix
@ -1,8 +1,23 @@
-{ depot, ... }:
+{ cluster, config, depot, ... }:
+
+let
+  apiLink = cluster.config.hostLinks.${config.networking.hostName}.frangiclave-server;
+  clusterLink = cluster.config.hostLinks.${config.networking.hostName}.frangiclave-cluster;
+in

 {
  services.vault = {
    enable = true;
    package = depot.packages.openbao;
+    address = apiLink.tuple;
+    extraConfig = /*hcl*/ ''
+      api_addr = "${apiLink.url}"
+      cluster_addr = "${clusterLink.url}"
+    '';
+
+    storageBackend = "raft";
+    storageConfig = /*hcl*/ ''
+      node_id = "x${builtins.hashString "sha256" "frangiclave-node-${config.networking.hostName}"}"
+    '';
  };
 }