From 859813440c23982c75fd1f27f3469aa9e9794368 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Tue, 18 Oct 2022 22:09:55 +0200
Subject: [PATCH] Automatic garage node discover on staging through consul

---
 cluster/staging/app/garage/config/garage.toml | 11 +++++++-
 cluster/staging/app/garage/deploy/garage.hcl  | 26 ++++++++++++++++++-
 cluster/staging/cluster.nix                   |  3 +++
 3 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/cluster/staging/app/garage/config/garage.toml b/cluster/staging/app/garage/config/garage.toml
index 1cb3c6f..3686338 100644
--- a/cluster/staging/app/garage/config/garage.toml
+++ b/cluster/staging/app/garage/config/garage.toml
@@ -6,7 +6,8 @@ db_engine = "lmdb"
 
 replication_mode = "3"
 
-rpc_bind_addr = "0.0.0.0:3991"
+rpc_bind_addr = "[{{ env "meta.public_ipv6" }}]:3991"
+rpc_public_addr = "[{{ env "meta.public_ipv6" }}]:3991"
 rpc_secret = "{{ key "secrets/garage-staging/rpc_secret" | trimSpace }}"
 
 #consul_host = "localhost:8500"
@@ -14,6 +15,14 @@ rpc_secret = "{{ key "secrets/garage-staging/rpc_secret" | trimSpace }}"
 
 bootstrap_peers = []
 
+[consul_discovery]
+consul_http_addr = "https://consul.service.staging.consul:8501"
+service_name = "garage-staging-discovery"
+ca_cert = "/etc/garage/consul-ca.crt"
+client_cert = "/etc/garage/consul-client.crt"
+client_key = "/etc/garage/consul-client.key"
+tls_skip_verify = true
+
 [s3_api]
 s3_region = "garage-staging"
 api_bind_addr = "0.0.0.0:3990"
diff --git a/cluster/staging/app/garage/deploy/garage.hcl b/cluster/staging/app/garage/deploy/garage.hcl
index 55f8d75..77d5092 100644
--- a/cluster/staging/app/garage/deploy/garage.hcl
+++ b/cluster/staging/app/garage/deploy/garage.hcl
@@ -60,7 +60,7 @@ job "garage-staging" {
       driver = "docker"
 
       config {
-        image = "dxflrs/amd64_garage:e89f8806949f4b389f8848454e293b7b5ba6d91a"
+        image = "dxflrs/amd64_garage:8bc5caf7aa9bc0e27b741c68113cb7fdde2d54e6"
         command = "/garage"
         args = [ "server" ]
         network_mode = "host"
@@ -68,6 +68,7 @@ job "garage-staging" {
           "/mnt/storage/garage-staging/data:/data",
           "/mnt/ssd/garage-staging/meta:/meta",
           "secrets/garage.toml:/etc/garage.toml",
+          "secrets:/etc/garage",
         ]
       }
 
@@ -76,6 +77,29 @@ job "garage-staging" {
         destination = "secrets/garage.toml"
       }
 
+      template {
+        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+        destination = "secrets/consul-ca.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+        destination = "secrets/consul-client.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-client.key\" }}"
+        destination = "secrets/consul-client.key"
+      }
+
+      template {
+        data = <<EOH
+RUST_LOG=garage=debug
+EOH
+        destination = "secrets/env"
+        env = true
+      }
+
       resources {
         memory = 2000
         memory_max = 3000
diff --git a/cluster/staging/cluster.nix b/cluster/staging/cluster.nix
index 8dcff1b..15e0f04 100644
--- a/cluster/staging/cluster.nix
+++ b/cluster/staging/cluster.nix
@@ -62,4 +62,7 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFPTsEgcOtb2bij+Ih8eg8ZqO7d3IMiWykv6deMzlSSS kokakiwi@kira"
     ];
   };
+
+  # For Garage ipv6 communication
+  networking.firewall.allowedTCPPorts = [ 3991 ];
 }