Simplify network configuration #11

Merged
lx merged 25 commits from simplify-network-config into main 2023-05-16 13:19:33 +00:00
5 changed files with 22 additions and 14 deletions
Showing only changes of commit 607add3161 - Show all commits


@ -6,8 +6,10 @@ db_engine = "lmdb"
replication_mode = "3"
rpc_bind_addr = "[{{ env "meta.public_ipv6" }}]:3901"
rpc_public_addr = "[{{ env "meta.public_ipv6" }}]:3901"
{{ with $a := env "attr.unique.hostname" | printf "diplonat/autodiscovery/ipv6/%s" | key | parseJSON }}
rpc_bind_addr = "[{{ $a.address }}]:3901"
rpc_public_addr = "[{{ $a.address }}]:3901"
{{ end }}
rpc_secret = "{{ key "secrets/garage/rpc_secret" | trimSpace }}"
[consul_discovery]
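Review bot: The new `{{ with $a := … | key | parseJSON }}` block has no `{{ else }}` branch, so if the Consul entry `diplonat/autodiscovery/ipv6/<hostname>` yields an empty value the rendered file would carry neither `rpc_bind_addr` nor `rpc_public_addr`, and the problem would only surface when Garage parses its config. The RPC address also now appears to come from a Consul KV value rather than the node's own `meta.public_ipv6`, so whoever can write under `diplonat/autodiscovery/` decides which address Garage binds and advertises; the ACLs on that prefix are not visible on this page and are worth restricting to the diplonat writer. I would add a comment above the block such as `# RPC address is read from Consul KV diplonat/autodiscovery/ipv6/<hostname>, which is written by diplonat`. The same applies to the staging template further down that uses port 3991.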


@ -11,7 +11,7 @@ job "core:d53" {
config {
packages = [
"git+https://git.deuxfleurs.fr/lx/D53.git?ref=diplonat-autodiscovery&rev=d906a6ebb5d977f44340b157a520477849ced161"
"git+https://git.deuxfleurs.fr/lx/D53.git?ref=diplonat-autodiscovery&rev=49d94dae1d753c1f3349be7ea9bc7e7978c0af15"
]
command = "d53"
}
@ -52,7 +52,7 @@ D53_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
D53_PROVIDERS=deuxfleurs.org:gandi
D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
D53_ALLOWED_DOMAINS=staging.deuxfleurs.org
RUST_LOG=d53=info
RUST_LOG=d53=debug
EOH
destination = "secrets/env"
env = true
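Review bot: `RUST_LOG=d53=debug` looks like a debugging leftover in the same env template that carries `D53_GANDI_API_KEY` and the Consul client key path. If d53 logs provider requests or Consul payloads at debug level (not visible here), that detail ends up in the Nomad allocation logs, which are usually readable by more people than the secrets store. Unless the extra verbosity is needed permanently, I would keep `RUST_LOG=d53=info` and raise it only while diagnosing. The template body starts outside this hunk, so other variables in it were not reviewed.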


@ -6,8 +6,10 @@ db_engine = "lmdb"
replication_mode = "3"
rpc_bind_addr = "[{{ env "meta.public_ipv6" }}]:3991"
rpc_public_addr = "[{{ env "meta.public_ipv6" }}]:3991"
{{ with $a := env "attr.unique.hostname" | printf "diplonat/autodiscovery/ipv6/%s" | key | parseJSON }}
rpc_bind_addr = "[{{ $a.address }}]:3991"
rpc_public_addr = "[{{ $a.address }}]:3991"
{{ end }}
rpc_secret = "{{ key "secrets/garage-staging/rpc_secret" | trimSpace }}"
bootstrap_peers = []


@ -25,6 +25,7 @@ job "garage-staging" {
config {
packages = [
"#bash", # so that we can enter a shell inside container
"#coreutils",
"git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=0d0906b066eb76111f3b427dce1c50eac083366c",
]
command = "garage"


@ -19,7 +19,7 @@ in
};
staticIPv6.address = mkOption {
description = "Static public IPv6 address of this node";
type = str;
type = nullOr str;
};
isRaftServer = mkOption {
description = "Make this node a RAFT server for the Nomad and Consul deployments";
@ -129,8 +129,10 @@ in
clusterAddress = clusterNodeCfg.address;
node_meta = {
"site" = cfg.siteName;
"public_ipv6" = cfg.staticIPv6.address;
} //
(if cfg.staticIPv6.address != null
then { "public_ipv6" = cfg.staticIPv6.address; }
else {}) //
(if cfg.publicIPv4 != null
then { "public_ipv4" = cfg.publicIPv4; }
else {}) //
@ -156,11 +158,12 @@ in
# IPv4 configuration is obtained by DHCP by default,
# unless a static v4 address and default gateway are given
noDHCP = cfg.staticIPv4.address != null && cfg.staticIPv4.defaultGateway != null;
# IPv6 configuration is obtained through router advertisements
# (RA), using a static token to ensure a static IPv6,
# unless defaultGateway is specified, in which case RAs are
# disabled entirely
noRA = cfg.staticIPv6.defaultGateway != null;
# IPv6 configuration is obtained through router advertisements (RA),
# possibly using a static token to ensure a static IPv6,
# unless a static v6 address and default gateway are given,
# in which case RAs are disabled entirely
noRA = cfg.staticIPv6.address != null && cfg.staticIPv6.defaultGateway != null;
staticV6 = cfg.staticIPv6.address != null;
in
{
matchConfig.Name = "en* eth*";
@ -189,7 +192,7 @@ in
# Dynamic IPv6: only fetch default route, use static
# address and no DNS servers
ipv6AcceptRAConfig.Token = mkIf (!noRA) "static:${cfg.staticIPv6.address}";
ipv6AcceptRAConfig.Token = mkIf (!noRA && staticV6) "static:${cfg.staticIPv6.address}";
ipv6AcceptRAConfig.UseDNS = mkIf (!noRA) false;
# Static IPv6: disable all router advertisements and
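Review bot: With `noRA` now requiring both `staticIPv6.address` and `staticIPv6.defaultGateway`, a node that sets only `defaultGateway` silently moves from RAs disabled to accepting router advertisements without a token, and the gateway option is presumably ignored (the static branch lies outside the hunk). That quietly changes which routers the host trusts for its IPv6 default route, so I would reject the combination with a module assertion, `assertion = cfg.staticIPv6.defaultGateway == null || cfg.staticIPv6.address != null;`, with a message naming both options. Separately, the option declaration in the first hunk switches to `nullOr str` but shows no `default = null;`, so a node that omits the address would likely still fail evaluation instead of reaching the new `!= null` branches.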