From b4e82e37e4e1718dfffa70cd0c6222c1b34fc997 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Thu, 20 Apr 2023 15:13:13 +0200
Subject: [PATCH] diplonat with fixed iptables thing

---
 .../core/deploy/{core-service.hcl => d53.hcl} |  2 +-
 cluster/staging/app/core/deploy/diplonat.hcl  | 75 +++++++++++++++++++
 .../deploy/{core-system.hcl => tricot.hcl}    | 60 +--------------
 3 files changed, 78 insertions(+), 59 deletions(-)
 rename cluster/staging/app/core/deploy/{core-service.hcl => d53.hcl} (98%)
 create mode 100644 cluster/staging/app/core/deploy/diplonat.hcl
 rename cluster/staging/app/core/deploy/{core-system.hcl => tricot.hcl} (64%)

diff --git a/cluster/staging/app/core/deploy/core-service.hcl b/cluster/staging/app/core/deploy/d53.hcl
similarity index 98%
rename from cluster/staging/app/core/deploy/core-service.hcl
rename to cluster/staging/app/core/deploy/d53.hcl
index bf835c7..5d57eb3 100644
--- a/cluster/staging/app/core/deploy/core-service.hcl
+++ b/cluster/staging/app/core/deploy/d53.hcl
@@ -1,4 +1,4 @@
-job "core-service" {
+job "core:d53" {
   datacenters = ["neptune", "jupiter", "corrin", "bespin"]
   type = "service"
   priority = 90
diff --git a/cluster/staging/app/core/deploy/diplonat.hcl b/cluster/staging/app/core/deploy/diplonat.hcl
new file mode 100644
index 0000000..ba1e4b5
--- /dev/null
+++ b/cluster/staging/app/core/deploy/diplonat.hcl
@@ -0,0 +1,75 @@
+job "core:diplonat" {
+  datacenters = ["neptune", "jupiter", "corrin", "bespin"]
+  type = "system"
+  priority = 90
+
+  constraint {
+    attribute = "${attr.cpu.arch}"
+    value     = "amd64"
+  }
+
+  update {
+    max_parallel     = 3
+    stagger = "20s"
+  }
+
+  group "diplonat" {
+    task "diplonat" {
+      driver = "nix2"
+
+      config {
+        packages = [
+          "#iptables",
+		  "#bash",
+		  "#coreutils",
+          "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=stun&rev=f5fc635b75dfa17b83a8db4893a7be206b4f9892"
+        ]
+        command = "diplonat"
+      }
+      user = "root"
+
+      restart {
+        interval = "30m"
+        attempts = 2
+        delay    = "15s"
+        mode     = "delay"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+        destination = "etc/diplonat/consul-ca.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+        destination = "etc/diplonat/consul-client.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-client.key\" }}"
+        destination = "etc/diplonat/consul-client.key"
+      }
+
+      template {
+        data = <<EOH
+DIPLONAT_REFRESH_TIME=60
+DIPLONAT_EXPIRATION_TIME=300
+DIPLONAT_IPV6_ONLY=true
+DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
+DIPLONAT_CONSUL_URL=https://localhost:8501
+DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
+DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
+DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
+RUST_LOG=debug
+RUST_BACKTRACE=1
+EOH
+        destination = "secrets/env"
+        env = true
+      }
+
+      resources {
+        memory = 100
+      }
+    }
+  }
+}
diff --git a/cluster/staging/app/core/deploy/core-system.hcl b/cluster/staging/app/core/deploy/tricot.hcl
similarity index 64%
rename from cluster/staging/app/core/deploy/core-system.hcl
rename to cluster/staging/app/core/deploy/tricot.hcl
index 1d3eb84..7547a53 100644
--- a/cluster/staging/app/core/deploy/core-system.hcl
+++ b/cluster/staging/app/core/deploy/tricot.hcl
@@ -1,4 +1,4 @@
-job "core-system" {
+job "core:tricot" {
   datacenters = ["neptune", "jupiter", "corrin", "bespin"]
   type = "system"
   priority = 90
@@ -13,63 +13,6 @@ job "core-system" {
     stagger = "1m"
   }
 
-  group "diplonat" {
-    task "diplonat" {
-      driver = "nix2"
-
-      config {
-        packages = [
-          "#iptables",
-          "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=stun&rev=21ab77b8288630c5f39a30b098c6a3888df622a1"
-        ]
-        command = "diplonat"
-      }
-      user = "root"
-
-      restart {
-        interval = "30m"
-        attempts = 2
-        delay    = "15s"
-        mode     = "delay"
-      }
-
-      template {
-        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
-        destination = "etc/diplonat/consul-ca.crt"
-      }
-
-      template {
-        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
-        destination = "etc/diplonat/consul-client.crt"
-      }
-
-      template {
-        data = "{{ key \"secrets/consul/consul-client.key\" }}"
-        destination = "etc/diplonat/consul-client.key"
-      }
-
-      template {
-        data = <<EOH
-DIPLONAT_REFRESH_TIME=60
-DIPLONAT_EXPIRATION_TIME=300
-DIPLONAT_IPV6_ONLY=true
-DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
-DIPLONAT_CONSUL_URL=https://localhost:8501
-DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
-DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
-DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
-RUST_LOG=debug
-EOH
-        destination = "secrets/env"
-        env = true
-      }
-
-      resources {
-        memory = 100
-      }
-    }
-  }
-
   group "tricot" {
     network {
       port "http_port" { static = 80 }
@@ -129,6 +72,7 @@ TRICOT_HTTP_BIND_ADDR=[::]:80
 TRICOT_HTTPS_BIND_ADDR=[::]:443
 TRICOT_METRICS_BIND_ADDR=[::]:9334
 RUST_LOG=tricot=debug
+RUST_BACKTRACE=1
 EOH
         destination = "secrets/env"
         env = true