Simplify network configuration #11

Merged
lx merged 25 commits from simplify-network-config into main 2023-05-16 13:19:33 +00:00
5 changed files with 22 additions and 14 deletions
Showing only changes of commit 607add3161 - Show all commits


@ -6,8 +6,10 @@ db_engine = "lmdb"
replication_mode = "3" replication_mode = "3"
rpc_bind_addr = "[{{ env "meta.public_ipv6" }}]:3901" {{ with $a := env "attr.unique.hostname" | printf "diplonat/autodiscovery/ipv6/%s" | key | parseJSON }}
rpc_public_addr = "[{{ env "meta.public_ipv6" }}]:3901" rpc_bind_addr = "[{{ $a.address }}]:3901"
rpc_public_addr = "[{{ $a.address }}]:3901"
{{ end }}
rpc_secret = "{{ key "secrets/garage/rpc_secret" | trimSpace }}" rpc_secret = "{{ key "secrets/garage/rpc_secret" | trimSpace }}"
[consul_discovery] [consul_discovery]
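Review bot: `rpc_bind_addr` and `rpc_public_addr` are now rendered from the Consul KV entry `diplonat/autodiscovery/ipv6/<hostname>` instead of the node's own `meta.public_ipv6`, so anything able to write under that KV prefix decides which address Garage listens on and advertises to peers. The template does not check the value: if the parsed JSON has no `address` field the two lines would presumably render without a usable address, and if the `with` value is empty both lines are dropped silently. I would add a comment above the block such as `# address is published by diplonat autodiscovery in Consul KV; writes under diplonat/autodiscovery/ must be restricted by ACL`, and confirm that such an ACL is in place. The same applies to the staging Garage config section further down (port 3991).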


@ -11,7 +11,7 @@ job "core:d53" {
config { config {
packages = [ packages = [
"git+https://git.deuxfleurs.fr/lx/D53.git?ref=diplonat-autodiscovery&rev=d906a6ebb5d977f44340b157a520477849ced161" "git+https://git.deuxfleurs.fr/lx/D53.git?ref=diplonat-autodiscovery&rev=49d94dae1d753c1f3349be7ea9bc7e7978c0af15"
] ]
command = "d53" command = "d53"
} }
@ -52,7 +52,7 @@ D53_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
D53_PROVIDERS=deuxfleurs.org:gandi D53_PROVIDERS=deuxfleurs.org:gandi
D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }} D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
D53_ALLOWED_DOMAINS=staging.deuxfleurs.org D53_ALLOWED_DOMAINS=staging.deuxfleurs.org
RUST_LOG=d53=info RUST_LOG=d53=debug
EOH EOH
destination = "secrets/env" destination = "secrets/env"
env = true env = true
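Review bot: `RUST_LOG=d53=debug` is merged to main in the same env template that carries `D53_GANDI_API_KEY`, and debug-level output is usually more verbose about requests and configuration. Whether d53 logs the key or request headers at that level cannot be told from this hunk. If debug was only needed while testing the autodiscovery branch, I would go back to `RUST_LOG=d53=info`. Otherwise, record in the job file why debug is kept and that the log output was checked for secrets. The template block starts outside the hunk.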


@ -6,8 +6,10 @@ db_engine = "lmdb"
replication_mode = "3" replication_mode = "3"
rpc_bind_addr = "[{{ env "meta.public_ipv6" }}]:3991" {{ with $a := env "attr.unique.hostname" | printf "diplonat/autodiscovery/ipv6/%s" | key | parseJSON }}
rpc_public_addr = "[{{ env "meta.public_ipv6" }}]:3991" rpc_bind_addr = "[{{ $a.address }}]:3991"
rpc_public_addr = "[{{ $a.address }}]:3991"
{{ end }}
rpc_secret = "{{ key "secrets/garage-staging/rpc_secret" | trimSpace }}" rpc_secret = "{{ key "secrets/garage-staging/rpc_secret" | trimSpace }}"
bootstrap_peers = [] bootstrap_peers = []


@ -25,6 +25,7 @@ job "garage-staging" {
config { config {
packages = [ packages = [
"#bash", # so that we can enter a shell inside container "#bash", # so that we can enter a shell inside container
"#coreutils",
"git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=0d0906b066eb76111f3b427dce1c50eac083366c", "git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=0d0906b066eb76111f3b427dce1c50eac083366c",
] ]
command = "garage" command = "garage"
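Review bot: `"#coreutils",` is added without a comment, while the `"#bash"` line above it explains that it is there for entering a shell inside the container. If the intent is the same, a matching comment such as `"#coreutils", # basic tools for debugging from the shell` would record that this is a debugging aid and not a runtime dependency of garage, so it is not copied into other job files by habit. The `config` block starts and ends outside the hunk.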


@ -19,7 +19,7 @@ in
}; };
staticIPv6.address = mkOption { staticIPv6.address = mkOption {
description = "Static public IPv6 address of this node"; description = "Static public IPv6 address of this node";
type = str; type = nullOr str;
}; };
isRaftServer = mkOption { isRaftServer = mkOption {
description = "Make this node a RAFT server for the Nomad and Consul deployments"; description = "Make this node a RAFT server for the Nomad and Consul deployments";
@ -129,8 +129,10 @@ in
clusterAddress = clusterNodeCfg.address; clusterAddress = clusterNodeCfg.address;
node_meta = { node_meta = {
"site" = cfg.siteName; "site" = cfg.siteName;
"public_ipv6" = cfg.staticIPv6.address;
} // } //
(if cfg.staticIPv6.address != null
then { "public_ipv6" = cfg.staticIPv6.address; }
else {}) //
(if cfg.publicIPv4 != null (if cfg.publicIPv4 != null
then { "public_ipv4" = cfg.publicIPv4; } then { "public_ipv4" = cfg.publicIPv4; }
else {}) // else {}) //
@ -156,11 +158,12 @@ in
# IPv4 configuration is obtained by DHCP by default, # IPv4 configuration is obtained by DHCP by default,
# unless a static v4 address and default gateway are given # unless a static v4 address and default gateway are given
noDHCP = cfg.staticIPv4.address != null && cfg.staticIPv4.defaultGateway != null; noDHCP = cfg.staticIPv4.address != null && cfg.staticIPv4.defaultGateway != null;
# IPv6 configuration is obtained through router advertisements # IPv6 configuration is obtained through router advertisements (RA),
# (RA), using a static token to ensure a static IPv6, # possibly using a static token to ensure a static IPv6,
# unless defaultGateway is specified, in which case RAs are # unless a static v6 address and default gateway are given,
# disabled entirely # in which case RAs are disabled entirely
noRA = cfg.staticIPv6.defaultGateway != null; noRA = cfg.staticIPv6.address != null && cfg.staticIPv6.defaultGateway != null;
staticV6 = cfg.staticIPv6.address != null;
in in
{ {
matchConfig.Name = "en* eth*"; matchConfig.Name = "en* eth*";
@ -189,7 +192,7 @@ in
# Dynamic IPv6: only fetch default route, use static # Dynamic IPv6: only fetch default route, use static
# address and no DNS servers # address and no DNS servers
ipv6AcceptRAConfig.Token = mkIf (!noRA) "static:${cfg.staticIPv6.address}"; ipv6AcceptRAConfig.Token = mkIf (!noRA && staticV6) "static:${cfg.staticIPv6.address}";
ipv6AcceptRAConfig.UseDNS = mkIf (!noRA) false; ipv6AcceptRAConfig.UseDNS = mkIf (!noRA) false;
# Static IPv6: disable all router advertisements and # Static IPv6: disable all router advertisements and