From 41128f4c36f79def480b8cb866205296d703f247 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Wed, 24 Aug 2022 15:48:18 +0200
Subject: [PATCH] Clone core module in staging and prod, move bad stuff to
 experimental

---
 .../prod/app}/core/deploy/core.hcl            |  0
 cluster/prod/app/secretmgr.py                 |  1 +
 cluster/prod/app/shell.nix                    |  1 +
 cluster/staging/app/core/deploy/core.hcl      | 71 +++++++++++++++++++
 cluster/staging/app/secretmgr.py              |  1 +
 cluster/staging/app/shell.nix                 |  1 +
 .../bad.csi-s3/deploy/csi-s3.hcl              |  0
 .../bad.csi-s3/deploy/dummy-volume.hcl        |  0
 .../bad.nextcloud/config/litestream.yml       |  0
 .../bad.nextcloud/deploy/nextcloud.hcl        |  0
 .../secrets/nextcloud/admin_pass              |  0
 .../secrets/nextcloud/admin_user              |  0
 .../secrets/nextcloud/s3_access_key           |  0
 .../secrets/nextcloud/s3_secret_key           |  0
 .../bad.yugabyte/deploy/yugabyte.hcl          |  0
 {app => secretmgr}/secretmgr.py               |  0
 {app => secretmgr}/shell.nix                  |  0
 17 files changed, 75 insertions(+)
 rename {app => cluster/prod/app}/core/deploy/core.hcl (100%)
 create mode 120000 cluster/prod/app/secretmgr.py
 create mode 120000 cluster/prod/app/shell.nix
 create mode 100644 cluster/staging/app/core/deploy/core.hcl
 create mode 120000 cluster/staging/app/secretmgr.py
 create mode 120000 cluster/staging/app/shell.nix
 rename {app => experimental}/bad.csi-s3/deploy/csi-s3.hcl (100%)
 rename {app => experimental}/bad.csi-s3/deploy/dummy-volume.hcl (100%)
 rename {app => experimental}/bad.nextcloud/config/litestream.yml (100%)
 rename {app => experimental}/bad.nextcloud/deploy/nextcloud.hcl (100%)
 rename {app => experimental}/bad.nextcloud/secrets/nextcloud/admin_pass (100%)
 rename {app => experimental}/bad.nextcloud/secrets/nextcloud/admin_user (100%)
 rename {app => experimental}/bad.nextcloud/secrets/nextcloud/s3_access_key (100%)
 rename {app => experimental}/bad.nextcloud/secrets/nextcloud/s3_secret_key (100%)
 rename {app => experimental}/bad.yugabyte/deploy/yugabyte.hcl (100%)
 rename {app => secretmgr}/secretmgr.py (100%)
 rename {app => secretmgr}/shell.nix (100%)

diff --git a/app/core/deploy/core.hcl b/cluster/prod/app/core/deploy/core.hcl
similarity index 100%
rename from app/core/deploy/core.hcl
rename to cluster/prod/app/core/deploy/core.hcl
diff --git a/cluster/prod/app/secretmgr.py b/cluster/prod/app/secretmgr.py
new file mode 120000
index 0000000..107653c
--- /dev/null
+++ b/cluster/prod/app/secretmgr.py
@@ -0,0 +1 @@
+../../../secretmgr/secretmgr.py
\ No newline at end of file
diff --git a/cluster/prod/app/shell.nix b/cluster/prod/app/shell.nix
new file mode 120000
index 0000000..b10effc
--- /dev/null
+++ b/cluster/prod/app/shell.nix
@@ -0,0 +1 @@
+../../../secretmgr/shell.nix
\ No newline at end of file
diff --git a/cluster/staging/app/core/deploy/core.hcl b/cluster/staging/app/core/deploy/core.hcl
new file mode 100644
index 0000000..f57f21d
--- /dev/null
+++ b/cluster/staging/app/core/deploy/core.hcl
@@ -0,0 +1,71 @@
+job "core" {
+  datacenters = ["dc1", "neptune"]
+  type = "system"
+  priority = 90
+
+  constraint {
+    attribute = "${attr.cpu.arch}"
+    value     = "amd64"
+  }
+
+  update {
+    max_parallel     = 1
+    stagger = "1m"
+  }
+
+  group "network" {
+    task "diplonat" {
+      driver = "docker"
+
+      config {
+        image = "lxpz/amd64_diplonat:3"
+        network_mode = "host"
+        readonly_rootfs = true
+        volumes = [
+          "secrets:/etc/diplonat",
+        ]
+      }
+
+      restart {
+        interval = "30m"
+        attempts = 2
+        delay    = "15s"
+        mode     = "delay"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+        destination = "secrets/consul-ca.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+        destination = "secrets/consul-client.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-client.key\" }}"
+        destination = "secrets/consul-client.key"
+      }
+
+      template {
+        data = <<EOH
+DIPLONAT_REFRESH_TIME=60
+DIPLONAT_EXPIRATION_TIME=300
+DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
+DIPLONAT_CONSUL_URL=https://localhost:8501
+DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
+DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
+DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
+RUST_LOG=debug
+EOH
+        destination = "secrets/env"
+        env = true
+      }
+
+      resources {
+        memory = 40
+      }
+    }
+  }
+}
diff --git a/cluster/staging/app/secretmgr.py b/cluster/staging/app/secretmgr.py
new file mode 120000
index 0000000..107653c
--- /dev/null
+++ b/cluster/staging/app/secretmgr.py
@@ -0,0 +1 @@
+../../../secretmgr/secretmgr.py
\ No newline at end of file
diff --git a/cluster/staging/app/shell.nix b/cluster/staging/app/shell.nix
new file mode 120000
index 0000000..b10effc
--- /dev/null
+++ b/cluster/staging/app/shell.nix
@@ -0,0 +1 @@
+../../../secretmgr/shell.nix
\ No newline at end of file
diff --git a/app/bad.csi-s3/deploy/csi-s3.hcl b/experimental/bad.csi-s3/deploy/csi-s3.hcl
similarity index 100%
rename from app/bad.csi-s3/deploy/csi-s3.hcl
rename to experimental/bad.csi-s3/deploy/csi-s3.hcl
diff --git a/app/bad.csi-s3/deploy/dummy-volume.hcl b/experimental/bad.csi-s3/deploy/dummy-volume.hcl
similarity index 100%
rename from app/bad.csi-s3/deploy/dummy-volume.hcl
rename to experimental/bad.csi-s3/deploy/dummy-volume.hcl
diff --git a/app/bad.nextcloud/config/litestream.yml b/experimental/bad.nextcloud/config/litestream.yml
similarity index 100%
rename from app/bad.nextcloud/config/litestream.yml
rename to experimental/bad.nextcloud/config/litestream.yml
diff --git a/app/bad.nextcloud/deploy/nextcloud.hcl b/experimental/bad.nextcloud/deploy/nextcloud.hcl
similarity index 100%
rename from app/bad.nextcloud/deploy/nextcloud.hcl
rename to experimental/bad.nextcloud/deploy/nextcloud.hcl
diff --git a/app/bad.nextcloud/secrets/nextcloud/admin_pass b/experimental/bad.nextcloud/secrets/nextcloud/admin_pass
similarity index 100%
rename from app/bad.nextcloud/secrets/nextcloud/admin_pass
rename to experimental/bad.nextcloud/secrets/nextcloud/admin_pass
diff --git a/app/bad.nextcloud/secrets/nextcloud/admin_user b/experimental/bad.nextcloud/secrets/nextcloud/admin_user
similarity index 100%
rename from app/bad.nextcloud/secrets/nextcloud/admin_user
rename to experimental/bad.nextcloud/secrets/nextcloud/admin_user
diff --git a/app/bad.nextcloud/secrets/nextcloud/s3_access_key b/experimental/bad.nextcloud/secrets/nextcloud/s3_access_key
similarity index 100%
rename from app/bad.nextcloud/secrets/nextcloud/s3_access_key
rename to experimental/bad.nextcloud/secrets/nextcloud/s3_access_key
diff --git a/app/bad.nextcloud/secrets/nextcloud/s3_secret_key b/experimental/bad.nextcloud/secrets/nextcloud/s3_secret_key
similarity index 100%
rename from app/bad.nextcloud/secrets/nextcloud/s3_secret_key
rename to experimental/bad.nextcloud/secrets/nextcloud/s3_secret_key
diff --git a/app/bad.yugabyte/deploy/yugabyte.hcl b/experimental/bad.yugabyte/deploy/yugabyte.hcl
similarity index 100%
rename from app/bad.yugabyte/deploy/yugabyte.hcl
rename to experimental/bad.yugabyte/deploy/yugabyte.hcl
diff --git a/app/secretmgr.py b/secretmgr/secretmgr.py
similarity index 100%
rename from app/secretmgr.py
rename to secretmgr/secretmgr.py
diff --git a/app/shell.nix b/secretmgr/shell.nix
similarity index 100%
rename from app/shell.nix
rename to secretmgr/shell.nix