màj config gitea

cluster/prod/app/core/deploy/bottin.hcl

@@ -1,4 +1,4 @@
-job "core:bottin" {
+job "core-bottin" {
   datacenters = ["orion", "neptune", "scorpio"]
   type = "system"
   priority = 90

cluster/prod/app/core/deploy/d53.hcl

@@ -1,4 +1,4 @@
-job "core:d53" {
+job "core-d53" {
   datacenters = ["neptune", "orion", "bespin"]
   type = "service"
   priority = 90
@@ -61,4 +61,42 @@ EOH
       }
     }
   }
+
+  # Dummy task for Gitea (still on an external VM), runs on any bespin node
+  # and allows D53 to automatically update the A record for git.deuxfleurs.fr
+  # to the IPv4 address of the bespin site (that changes occasionnaly)
+  group "gitea-dummy" {
+    count = 1
+
+    network {
+      port "dummy" {
+        to = 999
+      }
+    }
+
+    task "main" {
+      driver = "docker"
+
+      constraint {
+        attribute = "${meta.site}"
+        operator = "="
+        value = "bespin"
+      }
+
+      config {
+        image = "alpine"
+        command = "sh"
+        args = ["-c", "while true; do echo x; sleep 60; done"]
+        ports = [ "dummy" ]
+      }
+
+      service {
+        name = "gitea-dummy"
+        port = "dummy"
+        tags = [
+          "d53-a git.deuxfleurs.fr",
+        ]
+      }
+    }
+  }
 }

cluster/prod/app/core/deploy/diplonat.hcl

@@ -1,4 +1,4 @@
-job "core:diplonat" {
+job "core-diplonat" {
   datacenters = ["orion", "neptune", "scorpio", "bespin"]
   type = "system"
   priority = 90
@@ -53,9 +53,6 @@ DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501
 DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true
 DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
 DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
-{{ if env "meta.site" | eq "bespin" }}
-DIPLONAT_IPV6_ONLY=true
-{{ end }}
 RUST_LOG=debug
 EOH
         destination = "secrets/env"

cluster/prod/app/core/deploy/tricot.hcl

@@ -1,5 +1,9 @@
-job "core:tricot" {
+job "core-tricot" {
-  datacenters = ["orion", "neptune", "scorpio", "bespin"]
+  # bespin pas pour l'instant, on a des soucis de SSL avec gitea
+  # on pourra mettre bespin quand on aura migré gitea de la vm vers le cluster
+  # en attendant, les deux  ne sont pas capables de partager les certificats SSL
+  # donc on laisse la VM gitea gérer les certifs et prendre tout le trafic http(s)
+  datacenters = ["orion", "neptune", "scorpio"]
   type = "system"
   priority = 90
 

cluster/prod/register_external_services.sh

@@ -60,6 +60,24 @@ curl -vv  -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: app
 }
 EOF
 
+curl -vv  -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: application/json" --data @- <<EOF
+{
+  "Datacenter": "prod",
+  "Node": "lindy",
+  "Address": "192.168.1.184",
+  "NodeMeta": {
+    "site": "neptune",
+    "cname_target": "neptune.site.deuxfleurs.fr."
+  },
+  "Service": {
+    "Service": "lx-apimtest",
+    "Tags": ["tricot apimtest.adnab.me"],
+    "Address": "192.168.1.184",
+    "Port": 8920
+  }
+}
+EOF
+
 
 curl -vv  -X PUT http://localhost:8500/v1/catalog/register -H "Content-Type: application/json" --data @- <<EOF
 {

cluster/prod/site/bespin.nix

@@ -4,4 +4,14 @@
   deuxfleurs.siteName = "bespin";
   deuxfleurs.staticIPv4.defaultGateway = "192.168.5.254";
   deuxfleurs.cnameTarget = "bespin.site.deuxfleurs.fr.";
+
+  # Allow all ports from gateway for janky UPnP/IGD daemon
+  # networking.firewall = {
+  #   extraCommands = ''
+  #     iptables -A INPUT -s ${cfg.staticIPv4.defaultGateway} -p udp -j ACCEPT
+  #   '';
+  #   extraStopCommands = ''
+  #     iptables -D INPUT -s ${cfg.staticIPv4.defaultGateway} -p udp -j ACCEPT
+  #   '';
+  # };
 }