update readme.md

Quentin 2022-10-16 11:04:36 +02:00
parent c3a30aabab
commit 6942355d43
Signed by: quentin
GPG key ID: E9602264D639FF68
2 changed files with 1 additions and 30 deletions


@ -58,35 +58,6 @@ To upgrade NixOS, use the `./upgrade_nixos` script instead (it has the same synt
**When adding a node to the cluster:** just do `./deploy_nixos <cluster_name> <name_of_new_node>` **When adding a node to the cluster:** just do `./deploy_nixos <cluster_name> <name_of_new_node>`
### Deploying Wesher
We use Wesher to provide an encrypted overlay network between nodes in the cluster.
This is usefull in particular for securing services that are not able to do mTLS,
but as a security-in-depth measure, we make all traffic go through Wesher even when
TLS is done correctly. It is thus mandatory to have a working Wesher installation
in the cluster for it to run correctly.
First, if no Wesher shared secret key has been generated for this cluster yet,
generate it with:
```
./gen_wesher_key <cluster_name>
```
This key will be stored in `pass`, so you must have a working `pass` installation
for this script to run correctly.
Then, deploy the key on all nodes with:
```
./deploy_wesher_key <cluster_name>
```
This should be done after `./deploy_nixos` has run successfully on all nodes.
You should now have a working Wesher network between all your nodes!
**When adding a node to the cluster:** just do `./deploy_wesher_key <cluster_name> <name_of_new_node>`
### Generating and deploying a PKI for Consul and Nomad ### Generating and deploying a PKI for Consul and Nomad
This is very similar to how we do for Wesher. This is very similar to how we do for Wesher.
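Review bot: the retained line "This is very similar to how we do for Wesher." under "### Generating and deploying a PKI for Consul and Nomad" now refers to a section this hunk deletes, so the PKI instructions lean on documentation that is no longer in the readme. Reword that sentence so the PKI section stands on its own. The removed text also described the Wesher overlay as mandatory and as the protection for services that cannot do mTLS; the readme should state what covers inter-node traffic for those services after this change, and the commit message ("update readme.md") should give the reason for dropping the section.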


@ -90,7 +90,7 @@ EOH
} }
resources { resources {
cpu = 2000 cpu = 500
memory = 200 memory = 200
} }
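Review bot: the `cpu = 2000` to `cpu = 500` change in this `resources` block is a functional change to a resource allocation, yet the commit is titled "update readme.md" and gives no reason for it. Move it to its own commit, or mention it in the message with the rationale for the lower value, so the reduction can be reviewed and reverted independently of the documentation edit. `memory = 200` is unchanged.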