Compare commits


51 commits

Author SHA1 Message Date
Max
6eee030b7a cluster/services/storage: register existing keys and buckets in incandescence 2024-08-12 03:04:03 +02:00
Max
75cebf4ed6 cluster/services/incandescence: add base layout for ascensions 2024-08-12 03:04:03 +02:00
Max
bc3cd82731 cluster/services/consul: implement runConsul incantation 2024-08-12 03:04:03 +02:00
Max
9cdf964c6c cluster/services/forge: define db 2024-08-12 03:04:03 +02:00
Max
bb22fe0176 cluster/services/patroni: implement raw format for locksmith provider 2024-08-12 03:04:03 +02:00
Max
d1f2bc1227 cluster/services/storage: define snakeoil passphrase for heresy, ensure encryption 2024-08-12 03:04:03 +02:00
Max
a48ee00f3d cluster/services/ways: add simulacrum deps 2024-08-12 03:04:03 +02:00
Max
9ed3655ccf cluster/services/storage: use recursive simulacrum deps 2024-08-12 03:04:03 +02:00
Max
945698a3ea cluster/services/patroni: add simulacrum deps 2024-08-12 03:04:03 +02:00
Max
f75c7b8522 cluster/services/locksmith: add simulacrum deps 2024-08-12 03:04:03 +02:00
Max
b258bab23e cluster/services/incandescence: add simulacrum deps 2024-08-12 03:04:03 +02:00
Max
e2296eace7 cluster/services/chant: add simulacrum deps 2024-08-12 03:04:03 +02:00
Max
304ae6e53c cluster/simulacrum: recursive service deps 2024-08-12 03:04:03 +02:00
Max
f322208f66 cluster/services/acme-client: implement augment for external ACME services 2024-08-12 03:04:03 +02:00
Max
7c4615ecfb cluster/simulacrum: implement nowhere, fix networking 2024-08-12 03:04:03 +02:00
Max
ec38e10fa9 cluster/services/forge: use forService 2024-08-12 03:04:03 +02:00
Max
5d9ff62afe cluster/services/dns: use patroni incandescence 2024-08-12 03:04:03 +02:00
Max
6d78b69601 cluster/services/patroni: implement incandescence provider for databases and users 2024-08-12 03:04:03 +02:00
Max
7129d44078 cluster/services/locksmith: only run secret generation command once 2024-08-12 03:04:03 +02:00
Max
76d205d114 cluster/services/locksmith: support skipping secret updates 2024-08-12 03:04:03 +02:00
Max
c8c9a6fbce modules/external-storage: implement detectFs for s3c4 2024-08-12 03:04:03 +02:00
Max
a1cad2efcd cluster/services/storage: use locksmith secrets for external storage 2024-08-12 03:04:03 +02:00
Max
c7f4e59908 cluster/services/storage: adjust test 2024-08-12 03:04:03 +02:00
Max
baed1ce871 cluster/services/storage: use incandescence 2024-08-12 03:04:03 +02:00
Max
014c1f9cd2 cluster/services/incandescence: init 2024-08-12 03:04:03 +02:00
Max
34704c8f08 modules/external-storage: support locksmith secrets 2024-08-12 03:04:03 +02:00
Max
ccc2a47880 cluster/services/storage: implement s3ql key format 2024-08-12 03:04:03 +02:00
Max
05cd729e90 cluster/services/hercules-ci-multi-agent: use forService 2024-08-12 03:04:03 +02:00
Max
8d0a2f00cc cluster/services/monitoring: use forService 2024-08-12 03:04:03 +02:00
Max
ff26e1ebc1 checks/garage: drop 2024-08-12 03:04:03 +02:00
Max
b848084dd8 packages/catalog: expose simulacrum checks differently 2024-08-12 03:04:03 +02:00
Max
fe8ddd4094 cluster/simulacrum: expose checks 2024-08-12 03:04:03 +02:00
Max
030b680b33 cluster/services/forge: use forService 2024-08-12 03:04:03 +02:00
Max
b453b0bb21 cluster/services/attic: use forService 2024-08-12 03:04:03 +02:00
Max
b6e0390555 cluster/lib: implement config.lib.forService for better option filtering 2024-08-12 03:04:03 +02:00
Max
bbe3373c2e cluster/simulacrum: set testConfig 2024-08-12 03:04:03 +02:00
Max
0ed4870b65 cluster/lib: introduce testConfig 2024-08-12 03:04:03 +02:00
Max
8ec13f5c87 cluster/services/storage: test in simulacrum 2024-08-12 03:04:03 +02:00
Max
5d52f72940 cluster/services/consul: test in simulacrum 2024-08-12 03:04:03 +02:00
Max
1af67b80ed cluster/services/wireguard: make simulacrum compatible 2024-08-12 03:04:03 +02:00
Max
a810717843 cluster/catalog: support snakeoil secrets 2024-08-12 03:04:03 +02:00
Max
bd39fc5d07 cluster/simulacrum: init 2024-08-12 03:04:03 +02:00
Max
25c001c182 cluster/lib: implement simulacrum options 2024-08-12 03:04:03 +02:00
Max
d944dee3bc WIP ENABLE DEBUG MODE 2024-08-12 02:56:57 +02:00
Max
aac5163a8b cluster/lib: implement injectNixosConfigForServices to select individual services 2024-08-12 02:56:57 +02:00
Max
01c74f62cf checks: add fake external storage module 2024-08-12 02:56:57 +02:00
Max
0110a4a0c3 checks: add a bunch of snakeoil keys 2024-08-12 02:56:57 +02:00
Max
df14a9a513 cluster/services/nginx: move acme config 2024-08-12 02:53:15 +02:00
Max
d59abfb678 cluster/services/acme-client: move acme config, wait for authoritative DNS to work 2024-08-12 02:53:15 +02:00
Max
a285c57d5b cluster/services/ways: don't render empty upstream blocks 2024-08-12 02:53:15 +02:00
Max
415fd7f076 lib/nginx: use dynamic proxy targets in proxyGhost 2024-08-12 02:53:15 +02:00
3 changed files with 0 additions and 73 deletions


@ -1,27 +0,0 @@
{ config, ... }:
{
services.frangiclave = {
nodes = {
server = [ "VEGAS" "grail" "prophet" ];
cluster = config.services.frangiclave.nodes.server;
agent = []; # all nodes, for vault-agent, secret templates, etc.
};
meshLinks = {
server.link.protocol = "http";
cluster.link.protocol = "http";
};
nixos = {
server = [
./server.nix
];
cluster = [];
agent = [];
};
simulacrum = {
enable = true;
deps = [ "wireguard" "consul" ];
settings = ./test.nix;
};
};
}


@ -1,34 +0,0 @@
{ cluster, config, depot, lib, ... }:
let
apiLink = cluster.config.hostLinks.${config.networking.hostName}.frangiclave-server;
clusterLink = cluster.config.hostLinks.${config.networking.hostName}.frangiclave-cluster;
in
{
services.vault = {
enable = true;
package = depot.packages.openbao;
address = apiLink.tuple;
extraConfig = /*hcl*/ ''
api_addr = "${apiLink.url}"
cluster_addr = "${clusterLink.url}"
'';
storageBackend = "raft";
storageConfig = /*hcl*/ ''
node_id = "x${builtins.hashString "sha256" "frangiclave-node-${config.networking.hostName}"}"
${
lib.pipe (cluster.config.services.frangiclave.otherNodes.server config.networking.hostName) [
(map (node: cluster.config.hostLinks.${node}.frangiclave-server))
(map (link: /*hcl*/ ''
retry_join {
leader_api_addr = "${link.url}"
}
''))
(lib.concatStringsSep "\n")
]
}
'';
};
}


@ -1,12 +0,0 @@
{ lib, ... }:
{
interactive.defaults = { cluster, config, ... }: {
config = lib.mkIf config.services.vault.enable {
environment.variables.VAULT_ADDR = cluster.config.hostLinks.${config.networking.hostName}.frangiclave-server.url;
environment.systemPackages = [ config.services.vault.package ];
};
};
testScript = "assert False";
}