From a69a71ca00591b637224cd879d26260a607b6957 Mon Sep 17 00:00:00 2001
From: Quentin Dufour <quentin@deuxfleurs.fr>
Date: Sun, 16 Oct 2022 15:37:54 +0200
Subject: [PATCH] Add mounts on bespin + tlsproxy

---
 cluster/prod/node/df-ykl.nix | 6 ++++++
 cluster/prod/node/df-ymf.nix | 6 ++++++
 cluster/prod/node/df-ymk.nix | 6 ++++++
 tlsproxy                     | 4 ++--
 4 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/cluster/prod/node/df-ykl.nix b/cluster/prod/node/df-ykl.nix
index e2eb796..04a2b35 100644
--- a/cluster/prod/node/df-ykl.nix
+++ b/cluster/prod/node/df-ykl.nix
@@ -15,4 +15,10 @@
 
   deuxfleurs.cluster_ip = "10.83.3.1";
   deuxfleurs.is_raft_server = true;
+
+  fileSystems."/mnt" = {
+    device = "/dev/disk/by-uuid/f7aa396f-23d0-44d3-89cf-3cb00bbb6c3b";
+    fsType = "xfs";
+    options = [ "nofail" ];
+  };
 }
diff --git a/cluster/prod/node/df-ymf.nix b/cluster/prod/node/df-ymf.nix
index 2ae49ad..15c5b1e 100644
--- a/cluster/prod/node/df-ymf.nix
+++ b/cluster/prod/node/df-ymf.nix
@@ -15,4 +15,10 @@
 
   deuxfleurs.cluster_ip = "10.83.3.2";
   deuxfleurs.is_raft_server = false;
+
+  fileSystems."/mnt" = {
+    device = "/dev/disk/by-uuid/fec20a7e-5019-4747-8f73-77f3f196c122";
+    fsType = "xfs";
+    options = [ "nofail" ];
+  };
 }
diff --git a/cluster/prod/node/df-ymk.nix b/cluster/prod/node/df-ymk.nix
index c30346f..d7deb49 100644
--- a/cluster/prod/node/df-ymk.nix
+++ b/cluster/prod/node/df-ymk.nix
@@ -15,4 +15,10 @@
 
   deuxfleurs.cluster_ip = "10.83.3.3";
   deuxfleurs.is_raft_server = false;
+
+  fileSystems."/mnt" = {
+    device = "/dev/disk/by-uuid/51d95b17-0e06-4a73-9e4e-ae5363cc4015";
+    fsType = "xfs";
+    options = [ "nofail" ];
+  };
 }
diff --git a/tlsproxy b/tlsproxy
index 7988737..1ddeafa 100755
--- a/tlsproxy
+++ b/tlsproxy
@@ -37,10 +37,10 @@ pass $PREFIX/consul$YEAR.crt > $CERTDIR/consul.crt
 pass $PREFIX/consul$YEAR-client.crt > $CERTDIR/consul-client.crt
 pass $PREFIX/consul$YEAR-client.key > $CERTDIR/consul-client.key
 
-socat -dd tcp4-listen:4646,reuseaddr,fork openssl:localhost:14646,cert=$CERTDIR/nomad-client.crt,key=$CERTDIR/nomad-client.key,cafile=$CERTDIR/nomad.crt,verify=0 &
+socat -dd tcp-listen:4646,reuseaddr,fork,bind=localhost openssl:localhost:14646,cert=$CERTDIR/nomad-client.crt,key=$CERTDIR/nomad-client.key,cafile=$CERTDIR/nomad.crt,verify=0 &
 child1=$!
 
-socat -dd tcp4-listen:8500,reuseaddr,fork openssl:localhost:8501,cert=$CERTDIR/consul-client.crt,key=$CERTDIR/consul-client.key,cafile=$CERTDIR/consul.crt,verify=0 &
+socat -dd tcp-listen:8500,reuseaddr,fork,bind=localhost openssl:localhost:8501,cert=$CERTDIR/consul-client.crt,key=$CERTDIR/consul-client.key,cafile=$CERTDIR/consul.crt,verify=0 &
 child2=$!
 
 wait "$child1"