TLS proxy in im.deuxfleurs.fr for Android 7 #17
12 changed files with 68 additions and 20 deletions
|
@ -13,7 +13,7 @@ job "core-diplonat" {
|
|||
driver = "docker"
|
||||
|
||||
config {
|
||||
image = "lxpz/amd64_diplonat:6"
|
||||
image = "lxpz/amd64_diplonat:7"
|
||||
network_mode = "host"
|
||||
readonly_rootfs = true
|
||||
privileged = true
|
||||
|
|
|
@ -44,7 +44,7 @@ job "garage" {
|
|||
template {
|
||||
data = file("../config/garage.toml")
|
||||
destination = "secrets/garage.toml"
|
||||
change_mode = "noop"
|
||||
#change_mode = "noop"
|
||||
}
|
||||
|
||||
template {
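Review bot: Assuming the commented-out `#change_mode = "noop"` is the new side (the page has lost its +/- markers), the `secrets/garage.toml` template stanza now falls back to Nomad's default `change_mode`, which is `restart`, so any re-render of that file restarts the garage task. If that is intended, delete the dead line and say so explicitly with `change_mode = "restart"`. If it was a debugging aid, restore `change_mode = "noop"` before merging. The job and the next template stanza continue outside the hunk, so other stanzas may need the same decision.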
|
||||
|
|
|
@ -106,6 +106,18 @@
|
|||
baptiste = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnGkJZZrHIUp9q0DXmVLLuhCIe7Vu1J3j6dJ1z1BglqX7yOLdFQ6LhHXx65aND/KCOM1815tJSnaAyKWEj9qJ31RVUoRl42yBn54DvQumamJUaXAHqJrXhjwxfUkF9B73ZSUzHGADlQnxcBkmrjC5FkrpC/s4xr0o7/GIBkBdtZhX9YpxBfpH6wEcCruTOlm92E3HvvjpBb/wHsoxL1f2czvWe69021gqWEYRFjqtBwP36NYZnGOJZ0RrlP3wUrGCSHxOKW+2Su+tM6g07KPJn5l1wNJiOcyBQ0/Sv7ptCJ9+rTQNeVBMoXshaucYP/bKJbqH7dONrYDgz59C4+Kax"
|
||||
];
|
||||
aeddis = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
|
||||
];
|
||||
boris = [
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
|
||||
];
|
||||
vincent = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
|
||||
];
|
||||
};
|
||||
|
||||
# For Garage external communication
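Review bot: The twelve added lines grant SSH access to three more accounts (`aeddis`, `boris`, `vincent`), which is unrelated to the TLS-proxy change named in the title and is easy to miss in review. An access grant is better carried in its own commit whose description records who approved it. None of the keys has a comment field, and `boris` receives three `ecdsa-sha2-nistp256` keys, so nobody can later tell which device a key belongs to when one must be revoked; append a label to each, in the form `"ssh-ed25519 <key> vincent@<device>"`. The same block is added in the later hunk at `-79,6 +79,18` and this note applies there as well. The enclosing attribute set starts outside the hunk, so how these lists are consumed is not visible here.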
|
||||
|
|
|
@ -22,7 +22,7 @@ job "core-diplonat" {
|
|||
"#iptables",
|
||||
"#bash",
|
||||
"#coreutils",
|
||||
"git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=05872634a42bf0aef3ab0a2760e2be4590bc8b73"
|
||||
"git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=843104dad73bfdebb674d3c3ec82af225c20c493"
|
||||
]
|
||||
command = "diplonat"
|
||||
}
|
||||
|
|
|
@ -82,6 +82,7 @@ EOH
|
|||
name = "tricot-http"
|
||||
port = "http_port"
|
||||
tags = [
|
||||
"d53-aaaa ${attr.unique.hostname}.machine.staging.deuxfleurs.org",
|
||||
"d53-aaaa ${meta.site}.site.staging.deuxfleurs.org",
|
||||
"d53-aaaa staging.deuxfleurs.org",
|
||||
"(diplonat (tcp_port 80))"
|
||||
|
|
|
@ -26,8 +26,8 @@ job "garage-staging" {
|
|||
packages = [
|
||||
"#bash", # so that we can enter a shell inside container
|
||||
"#coreutils",
|
||||
# garage v0.9.0
|
||||
"git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=952c9570c494468643353ee1ae9052b510353665",
|
||||
# garage v0.9.1-rc
|
||||
"git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=9cfeea389a1274d4d3c1f4b7072b0c056af410ef",
|
||||
]
|
||||
command = "garage"
|
||||
args = [ "server" ]
|
||||
|
|
|
@ -192,8 +192,8 @@ EOH
|
|||
}
|
||||
|
||||
resources {
|
||||
memory = 200
|
||||
memory_max = 200
|
||||
memory = 500
|
||||
memory_max = 500
|
||||
cpu = 100
|
||||
}
|
||||
}
|
||||
|
|
|
@ -79,6 +79,18 @@
|
|||
armael = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOoPghSM72AVp1zATgQzeLkuoGuP9uUTTAtwliyWoix"
|
||||
];
|
||||
aeddis = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
|
||||
];
|
||||
boris = [
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
|
||||
];
|
||||
vincent = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
|
||||
];
|
||||
};
|
||||
|
||||
# For Garage ipv6 communication
|
||||
|
|
|
@ -11,3 +11,5 @@ df-pw5.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeeh
|
|||
10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
|
||||
192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
|
||||
2a01:cb05:911e:ec00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
|
||||
carcajou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
|
||||
caribou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22
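Review bot: Only `carcajou` and `caribou` appear to get a `*.machine.staging.deuxfleurs.org` entry here, while the SSH config changed in this same commit also points `origan`, `piranha` and `df-pw5` at `*.machine.staging.deuxfleurs.org` names. Unless lines 1–10 of this file (not shown) already cover them, the first connection to those three hosts will ask the operator to accept an unpinned key, which defeats the purpose of a shared `UserKnownHostsFile`. Add the missing entries from keys that were already verified. For example, the SSH config shows piranha at `10.14.3.1`, so its recorded key can be reused as `piranha.machine.staging.deuxfleurs.org ssh-ed25519 <key already listed for 10.14.3.1>`.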
|
||||
|
|
|
@ -1,18 +1,24 @@
|
|||
UserKnownHostsFile ./cluster/staging/known_hosts
|
||||
|
||||
Host caribou
|
||||
HostName caribou.machine.deuxfleurs.fr
|
||||
#HostName caribou.machine.deuxfleurs.fr
|
||||
HostName caribou.machine.staging.deuxfleurs.org
|
||||
|
||||
Host carcajou
|
||||
HostName carcajou.machine.deuxfleurs.fr
|
||||
#HostName carcajou.machine.deuxfleurs.fr
|
||||
HostName carcajou.machine.staging.deuxfleurs.org
|
||||
|
||||
Host origan
|
||||
HostName origan.df.trinity.fr.eu.org
|
||||
#HostName origan.df.trinity.fr.eu.org
|
||||
HostName origan.machine.staging.deuxfleurs.org
|
||||
|
||||
Host piranha
|
||||
ProxyJump carcajou.machine.deuxfleurs.fr
|
||||
HostName 10.14.3.1
|
||||
#HostName piranha.polyno.me
|
||||
#OR
|
||||
#ProxyJump carcajou.machine.deuxfleurs.fr
|
||||
#HostName 10.14.3.1
|
||||
HostName piranha.machine.staging.deuxfleurs.org
|
||||
|
||||
Host df-pw5
|
||||
HostName df-pw5.machine.deuxfleurs.fr
|
||||
#HostName df-pw5.machine.deuxfleurs.fr
|
||||
HostName df-pw5.machine.staging.deuxfleurs.org
|
||||
|
|
|
@ -17,12 +17,26 @@ Basically:
|
|||
Edit your `~/.ssh/config` file with content such as the following:
|
||||
|
||||
```
|
||||
Host dahlia
|
||||
HostName dahlia.machine.deuxfleurs.fr
|
||||
LocalForward 14646 127.0.0.1:4646
|
||||
LocalForward 8501 127.0.0.1:8501
|
||||
LocalForward 1389 bottin.service.prod.consul:389
|
||||
LocalForward 5432 psql-proxy.service.prod.consul:5432
|
||||
# Deuxfleurs prod
|
||||
Host abricot ananas concombre celeri courgette df-ykl df-ymf df-ymk
|
||||
HostName %h.machine.deuxfleurs.fr
|
||||
IdentityFile ~/.ssh/deuxfleurs_ed25519
|
||||
User adrien
|
||||
LocalForward 14646 127.0.0.1:4646
|
||||
LocalForward 8501 127.0.0.1:8501
|
||||
LocalForward 1389 bottin.service.prod.consul:389
|
||||
LocalForward 5432 psql-proxy.service.prod.consul:5432
|
||||
|
||||
# Deuxfleurs staging
|
||||
Host piranha df-pw5 # et autres
|
||||
HostName %h.machine.deuxfleurs.fr
|
||||
IdentityFile ~/.ssh/deuxfleurs_ed25519
|
||||
User adrien
|
||||
LocalForward 14646 127.0.0.1:4646
|
||||
LocalForward 8501 127.0.0.1:8501
|
||||
LocalForward 1389 bottin.service.prod.consul:389
|
||||
LocalForward 5432 psql-proxy.service.prod.consul:5432
|
||||
|
||||
```
|
||||
|
||||
Then run the TLS proxy and leave it running:
|
||||
|
|
3
tlsproxy
3
tlsproxy
|
@ -17,7 +17,8 @@ PREFIX="deuxfleurs/cluster/$CLUSTER"
|
|||
|
||||
# Do actual stuff
|
||||
|
||||
YEAR=$(date +%Y)
|
||||
#YEAR=$(date +%Y)
|
||||
YEAR=2023
|
||||
|
||||
CERTDIR=$(mktemp -d)
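Review bot: Replacing `YEAR=$(date +%Y)` with the literal `YEAR=2023` pins the script to one year's material. How `YEAR` is used lies outside the hunk, but if it selects the certificate or key path under `$PREFIX`, the proxy will keep using the 2023 credentials after they are rotated or expire. Keep the computed default and allow an override instead, `YEAR=${YEAR:-$(date +%Y)}`, and drop the commented-out line.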
|
||||
|
||||
|
|