
2 commits

Author SHA1 Message Date
Max
06043e438e fixup! cluster/services/consul: test in simulacrum 2024-08-13 22:07:28 +02:00
Max
fc8df77023 modules/system-info: drop 2024-08-13 22:05:23 +02:00
4 changed files with 43 additions and 47 deletions


@ -5,9 +5,10 @@
start_all() start_all()
with subtest("should form cluster"): with subtest("should form cluster"):
for machine in machines: nodes = [ n for n in machines if n != nowhere ]
for machine in nodes:
machine.succeed("systemctl start consul-ready.service") machine.succeed("systemctl start consul-ready.service")
for machine in machines: for machine in nodes:
consulConfig = json.loads(machine.succeed("cat /etc/consul.json")) consulConfig = json.loads(machine.succeed("cat /etc/consul.json"))
addr = consulConfig["addresses"]["http"] addr = consulConfig["addresses"]["http"]
port = consulConfig["ports"]["http"] port = consulConfig["ports"]["http"]
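Review bot: The new filter `nodes = [ n for n in machines if n != nowhere ]` drops one machine from both loops without saying why, and it relies on a `nowhere` name being defined in the test script's scope. A short comment above it would help, for example `# nowhere does not run consul; skip it when waiting for the cluster` (presumably that is the reason; confirm against the node definition). The second loop's body continues past the end of this hunk.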


@ -59,13 +59,11 @@ testers.runNixOSTest {
imports = [ imports = [
serviceConfig.simulacrum.settings serviceConfig.simulacrum.settings
./nowhere ./nowhere
({ config, ... }: { {
config = lib.mkIf config.nowhere.enable { nodes.nowhere.imports = [
nodes.nowhere.imports = [ config.flake.nixosModules.port-magic
lift.flake.nixosModules.port-magic ];
]; }
};
})
] ++ allAugments; ] ++ allAugments;
_module.args = { _module.args = {
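Review bot: In the new inline module, `config.flake.nixosModules.port-magic` is no longer bound by a module argument, because the `{ config, ... }:` wrapper was removed together with the `mkIf`; `config` now resolves lexically from whatever encloses `testers.runNixOSTest`, which is outside this hunk. If that outer `config` is the flake-level one this is fine, but the name reads like the test module's own config, which presumably has no `flake` attribute. A one-line comment such as `# config here is the flake-level config, not the test's` would keep a later edit from re-adding the function wrapper and shadowing it.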


@ -58,46 +58,44 @@ in
imports = [ imports = [
./options.nix ./options.nix
]; ];
config = lib.mkIf config.nowhere.enable { defaults = {
defaults = { networking.hosts."${getNodeAddr "nowhere"}" = lib.attrNames config.nowhere.names;
networking.hosts."${getNodeAddr "nowhere"}" = lib.attrNames config.nowhere.names; security.pki.certificateFiles = [
security.pki.certificateFiles = [ "${ca}/ca.pem"
"${ca}/ca.pem" ];
]; };
};
nowhere.certs = { nowhere.certs = {
inherit ca; inherit ca;
intermediate = genCert [ "--config=${cfsslConfigIntermediateCA}" "--profile=intermediate" ] { intermediate = genCert [ "--config=${cfsslConfigIntermediateCA}" "--profile=intermediate" ] {
CN = "Simulacrum Intermediate CA"; CN = "Simulacrum Intermediate CA";
};
}; };
};
nodes.nowhere = { config, depot, ... }: { nodes.nowhere = { config, depot, ... }: {
networking = { networking = {
firewall.allowedTCPPorts = [ 443 ]; firewall.allowedTCPPorts = [ 443 ];
interfaces.eth1.ipv4.routes = lib.mapAttrsToList (name: hour: { interfaces.eth1.ipv4.routes = lib.mapAttrsToList (name: hour: {
address = hour.interfaces.primary.addrPublic; address = hour.interfaces.primary.addrPublic;
prefixLength = 32; prefixLength = 32;
via = getNodeAddr name; via = getNodeAddr name;
}) depot.gods.fromLight; }) depot.gods.fromLight;
nameservers = map (name: depot.hours.${name}.interfaces.primary.addrPublic) cluster.config.services.dns.nodes.authoritative; nameservers = map (name: depot.hours.${name}.interfaces.primary.addrPublic) cluster.config.services.dns.nodes.authoritative;
}; };
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = lib.mapAttrs (name: link: let virtualHosts = lib.mapAttrs (name: link: let
cert = genHostCert name; cert = genHostCert name;
in { in {
forceSSL = true; forceSSL = true;
sslCertificate = "${cert}/cert.pem"; sslCertificate = "${cert}/cert.pem";
sslCertificateKey = "${cert}/cert-key.pem"; sslCertificateKey = "${cert}/cert-key.pem";
locations."/" = { locations."/" = {
proxyPass = config.links.${link}.url; proxyPass = config.links.${link}.url;
extraConfig = "proxy_ssl_verify off;"; extraConfig = "proxy_ssl_verify off;";
}; };
}) lift.nowhere.names; }) lift.nowhere.names;
};
}; };
}; };
} }
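Review bot: With the `lib.mkIf config.nowhere.enable` guard gone, importing this module is the only switch: `defaults` now unconditionally adds `${ca}/ca.pem` to `security.pki.certificateFiles` and rewrites `networking.hosts` on every node. The same section points `sslCertificateKey` at `${cert}/cert-key.pem`, which looks like a Nix store path (genHostCert is defined outside the hunk) and so would be readable by any local user, and it keeps `proxy_ssl_verify off;` toward the upstream. All of that is reasonable for a throwaway test PKI, but nothing in the file says so any more. I would add a comment above `defaults`, e.g. `# test-only: trusts the simulacrum CA on all nodes; import only from runNixOSTest`.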


@ -2,7 +2,6 @@
{ {
options.nowhere = { options.nowhere = {
enable = lib.mkEnableOption "Nowhere";
names = lib.mkOption { names = lib.mkOption {
description = "Hostnames that point Nowhere."; description = "Hostnames that point Nowhere.";
type = with lib.types; attrsOf str; type = with lib.types; attrsOf str;