Simplify network configuration #11
5 changed files with 22 additions and 14 deletions
|
@ -6,8 +6,10 @@ db_engine = "lmdb"
|
||||||
|
|
||||||
replication_mode = "3"
|
replication_mode = "3"
|
||||||
|
|
||||||
rpc_bind_addr = "[{{ env "meta.public_ipv6" }}]:3901"
|
{{ with $a := env "attr.unique.hostname" | printf "diplonat/autodiscovery/ipv6/%s" | key | parseJSON }}
|
||||||
rpc_public_addr = "[{{ env "meta.public_ipv6" }}]:3901"
|
rpc_bind_addr = "[{{ $a.address }}]:3901"
|
||||||
|
rpc_public_addr = "[{{ $a.address }}]:3901"
|
||||||
|
{{ end }}
|
||||||
rpc_secret = "{{ key "secrets/garage/rpc_secret" | trimSpace }}"
|
rpc_secret = "{{ key "secrets/garage/rpc_secret" | trimSpace }}"
|
||||||
|
|
||||||
[consul_discovery]
|
[consul_discovery]
|
||||||
|
|
|
@ -11,7 +11,7 @@ job "core:d53" {
|
||||||
|
|
||||||
config {
|
config {
|
||||||
packages = [
|
packages = [
|
||||||
"git+https://git.deuxfleurs.fr/lx/D53.git?ref=diplonat-autodiscovery&rev=d906a6ebb5d977f44340b157a520477849ced161"
|
"git+https://git.deuxfleurs.fr/lx/D53.git?ref=diplonat-autodiscovery&rev=49d94dae1d753c1f3349be7ea9bc7e7978c0af15"
|
||||||
]
|
]
|
||||||
command = "d53"
|
command = "d53"
|
||||||
}
|
}
|
||||||
|
@ -52,7 +52,7 @@ D53_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
|
||||||
D53_PROVIDERS=deuxfleurs.org:gandi
|
D53_PROVIDERS=deuxfleurs.org:gandi
|
||||||
D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
|
D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
|
||||||
D53_ALLOWED_DOMAINS=staging.deuxfleurs.org
|
D53_ALLOWED_DOMAINS=staging.deuxfleurs.org
|
||||||
RUST_LOG=d53=info
|
RUST_LOG=d53=debug
|
||||||
EOH
|
EOH
|
||||||
destination = "secrets/env"
|
destination = "secrets/env"
|
||||||
env = true
|
env = true
|
||||||
|
|
|
@ -6,8 +6,10 @@ db_engine = "lmdb"
|
||||||
|
|
||||||
replication_mode = "3"
|
replication_mode = "3"
|
||||||
|
|
||||||
rpc_bind_addr = "[{{ env "meta.public_ipv6" }}]:3991"
|
{{ with $a := env "attr.unique.hostname" | printf "diplonat/autodiscovery/ipv6/%s" | key | parseJSON }}
|
||||||
rpc_public_addr = "[{{ env "meta.public_ipv6" }}]:3991"
|
rpc_bind_addr = "[{{ $a.address }}]:3991"
|
||||||
|
rpc_public_addr = "[{{ $a.address }}]:3991"
|
||||||
|
{{ end }}
|
||||||
rpc_secret = "{{ key "secrets/garage-staging/rpc_secret" | trimSpace }}"
|
rpc_secret = "{{ key "secrets/garage-staging/rpc_secret" | trimSpace }}"
|
||||||
|
|
||||||
bootstrap_peers = []
|
bootstrap_peers = []
|
||||||
|
|
|
@ -25,6 +25,7 @@ job "garage-staging" {
|
||||||
config {
|
config {
|
||||||
packages = [
|
packages = [
|
||||||
"#bash", # so that we can enter a shell inside container
|
"#bash", # so that we can enter a shell inside container
|
||||||
|
"#coreutils",
|
||||||
"git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=0d0906b066eb76111f3b427dce1c50eac083366c",
|
"git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=0d0906b066eb76111f3b427dce1c50eac083366c",
|
||||||
]
|
]
|
||||||
command = "garage"
|
command = "garage"
|
||||||
|
|
|
@ -19,7 +19,7 @@ in
|
||||||
};
|
};
|
||||||
staticIPv6.address = mkOption {
|
staticIPv6.address = mkOption {
|
||||||
description = "Static public IPv6 address of this node";
|
description = "Static public IPv6 address of this node";
|
||||||
type = str;
|
type = nullOr str;
|
||||||
};
|
};
|
||||||
isRaftServer = mkOption {
|
isRaftServer = mkOption {
|
||||||
description = "Make this node a RAFT server for the Nomad and Consul deployments";
|
description = "Make this node a RAFT server for the Nomad and Consul deployments";
|
||||||
|
@ -129,8 +129,10 @@ in
|
||||||
clusterAddress = clusterNodeCfg.address;
|
clusterAddress = clusterNodeCfg.address;
|
||||||
node_meta = {
|
node_meta = {
|
||||||
"site" = cfg.siteName;
|
"site" = cfg.siteName;
|
||||||
"public_ipv6" = cfg.staticIPv6.address;
|
|
||||||
} //
|
} //
|
||||||
|
(if cfg.staticIPv6.address != null
|
||||||
|
then { "public_ipv6" = cfg.staticIPv6.address; }
|
||||||
|
else {}) //
|
||||||
(if cfg.publicIPv4 != null
|
(if cfg.publicIPv4 != null
|
||||||
then { "public_ipv4" = cfg.publicIPv4; }
|
then { "public_ipv4" = cfg.publicIPv4; }
|
||||||
else {}) //
|
else {}) //
|
||||||
|
@ -156,11 +158,12 @@ in
|
||||||
# IPv4 configuration is obtained by DHCP by default,
|
# IPv4 configuration is obtained by DHCP by default,
|
||||||
# unless a static v4 address and default gateway are given
|
# unless a static v4 address and default gateway are given
|
||||||
noDHCP = cfg.staticIPv4.address != null && cfg.staticIPv4.defaultGateway != null;
|
noDHCP = cfg.staticIPv4.address != null && cfg.staticIPv4.defaultGateway != null;
|
||||||
# IPv6 configuration is obtained through router advertisements
|
# IPv6 configuration is obtained through router advertisements (RA),
|
||||||
# (RA), using a static token to ensure a static IPv6,
|
# possibly using a static token to ensure a static IPv6,
|
||||||
# unless defaultGateway is specified, in which case RAs are
|
# unless a static v6 address and default gateway are given,
|
||||||
# disabled entirely
|
# in which case RAs are disabled entirely
|
||||||
noRA = cfg.staticIPv6.defaultGateway != null;
|
noRA = cfg.staticIPv6.address != null && cfg.staticIPv6.defaultGateway != null;
|
||||||
|
staticV6 = cfg.staticIPv6.address != null;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
matchConfig.Name = "en* eth*";
|
matchConfig.Name = "en* eth*";
|
||||||
|
@ -189,7 +192,7 @@ in
|
||||||
|
|
||||||
# Dynamic IPv6: only fetch default route, use static
|
# Dynamic IPv6: only fetch default route, use static
|
||||||
# address and no DNS servers
|
# address and no DNS servers
|
||||||
ipv6AcceptRAConfig.Token = mkIf (!noRA) "static:${cfg.staticIPv6.address}";
|
ipv6AcceptRAConfig.Token = mkIf (!noRA && staticV6) "static:${cfg.staticIPv6.address}";
|
||||||
ipv6AcceptRAConfig.UseDNS = mkIf (!noRA) false;
|
ipv6AcceptRAConfig.UseDNS = mkIf (!noRA) false;
|
||||||
|
|
||||||
# Static IPv6: disable all router advertisements and
|
# Static IPv6: disable all router advertisements and
|
||||||
|
|
Loading…
Reference in a new issue