From 3fa5eef05d81b828b666b3aa7d31e49786233be2 Mon Sep 17 00:00:00 2001
From: mricher
Date: Sun, 16 Oct 2022 11:09:30 +0200
Subject: [PATCH 01/12] Add bespin machines
---
cluster/prod/node/df-ykl.nix | 18 ++++++++++++++++++
cluster/prod/node/df-ykl.site.nix | 1 +
cluster/prod/node/df-ymf.nix | 18 ++++++++++++++++++
cluster/prod/node/df-ymf.site.nix | 1 +
cluster/prod/node/df-ymk.nix | 18 ++++++++++++++++++
cluster/prod/node/df-ymk.site.nix | 1 +
cluster/prod/site/bespin.nix | 12 ++++++++++++
7 files changed, 69 insertions(+)
create mode 100644 cluster/prod/node/df-ykl.nix
create mode 120000 cluster/prod/node/df-ykl.site.nix
create mode 100644 cluster/prod/node/df-ymf.nix
create mode 120000 cluster/prod/node/df-ymf.site.nix
create mode 100644 cluster/prod/node/df-ymk.nix
create mode 120000 cluster/prod/node/df-ymk.site.nix
create mode 100644 cluster/prod/site/bespin.nix
diff --git a/cluster/prod/node/df-ykl.nix b/cluster/prod/node/df-ykl.nix
new file mode 100644
index 0000000..e2eb796
--- /dev/null
+++ b/cluster/prod/node/df-ykl.nix
@@ -0,0 +1,18 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "df-ykl";
+
+ deuxfleurs.network_interface = "enp0s31f6";
+ deuxfleurs.lan_ip = "192.168.5.117";
+ deuxfleurs.ipv6 = "2a02:a03f:6510:5102:6e4b:90ff:fe3b:e86c";
+
+ deuxfleurs.cluster_ip = "10.83.3.1";
+ deuxfleurs.is_raft_server = true;
+}
diff --git a/cluster/prod/node/df-ykl.site.nix b/cluster/prod/node/df-ykl.site.nix
new file mode 120000
index 0000000..24a1723
--- /dev/null
+++ b/cluster/prod/node/df-ykl.site.nix
@@ -0,0 +1 @@
+../site/bespin.nix
\ No newline at end of file
diff --git a/cluster/prod/node/df-ymf.nix b/cluster/prod/node/df-ymf.nix
new file mode 100644
index 0000000..2ae49ad
--- /dev/null
+++ b/cluster/prod/node/df-ymf.nix
@@ -0,0 +1,18 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "df-ymf";
+
+ deuxfleurs.network_interface = "enp0s31f6";
+ deuxfleurs.lan_ip = "192.168.5.134";
+ deuxfleurs.ipv6 = "2a02:a03f:6510:5102:6e4b:90ff:fe3a:6174";
+
+ deuxfleurs.cluster_ip = "10.83.3.2";
+ deuxfleurs.is_raft_server = false;
+}
diff --git a/cluster/prod/node/df-ymf.site.nix b/cluster/prod/node/df-ymf.site.nix
new file mode 120000
index 0000000..24a1723
--- /dev/null
+++ b/cluster/prod/node/df-ymf.site.nix
@@ -0,0 +1 @@
+../site/bespin.nix
\ No newline at end of file
diff --git a/cluster/prod/node/df-ymk.nix b/cluster/prod/node/df-ymk.nix
new file mode 100644
index 0000000..c30346f
--- /dev/null
+++ b/cluster/prod/node/df-ymk.nix
@@ -0,0 +1,18 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "df-ymk";
+
+ deuxfleurs.network_interface = "enp0s31f6";
+ deuxfleurs.lan_ip = "192.168.5.116";
+ deuxfleurs.ipv6 = "2a02:a03f:6510:5102:6e4b:90ff:fe3b:e939";
+
+ deuxfleurs.cluster_ip = "10.83.3.3";
+ deuxfleurs.is_raft_server = false;
+}
diff --git a/cluster/prod/node/df-ymk.site.nix b/cluster/prod/node/df-ymk.site.nix
new file mode 120000
index 0000000..24a1723
--- /dev/null
+++ b/cluster/prod/node/df-ymk.site.nix
@@ -0,0 +1 @@
+../site/bespin.nix
\ No newline at end of file
diff --git a/cluster/prod/site/bespin.nix b/cluster/prod/site/bespin.nix
new file mode 100644
index 0000000..4b60d4d
--- /dev/null
+++ b/cluster/prod/site/bespin.nix
@@ -0,0 +1,12 @@ +{ config, pkgs, ... }: + +{ + deuxfleurs.site_name = "bespin"; + deuxfleurs.lan_default_gateway = "192.168.5.254"; + deuxfleurs.ipv6_default_gateway = "2a02:a03f:6510:5102::1"; + deuxfleurs.lan_ip_prefix_length = 24; + deuxfleurs.ipv6_prefix_length = 64; + deuxfleurs.nameservers = [ "192.168.5.254" ]; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} -- 2.43.4 From 294c2ad2ed46d12ac7b8305bb2b67b460c134180 Mon Sep 17 00:00:00 2001 From: mricher Date: Sun, 16 Oct 2022 12:08:27 +0200 Subject: [PATCH 02/12] Add cluster configuration --- cluster/prod/cluster.nix | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/cluster/prod/cluster.nix b/cluster/prod/cluster.nix index 1821d03..e948eb4 100644 --- a/cluster/prod/cluster.nix +++ b/cluster/prod/cluster.nix @@ -38,7 +38,7 @@ publicKey = "EtRoWBYCdjqgXX0L+uWLg8KxNfIK8k9OTh30tL19bXU="; IP = "10.83.2.1"; lan_endpoint = "192.168.1.11:33799"; - endpoint = "82.66.80.201:33731"; + endpoint = "82.66.80.201:33731"; } { hostname = "diplotaxis"; @@ -46,8 +46,7 @@ publicKey = "HbLC938mysadMSOxWgq8+qrv+dBKzPP/43OMJp/3phA="; IP = "10.83.2.2"; lan_endpoint = "192.168.1.12:33799"; - endpoint = "82.66.80.201:33732"; - + endpoint = "82.66.80.201:33732"; } { hostname = "doradille"; 
@@ -55,7 +54,31 @@ publicKey = "e1C8jgTj9eD20ywG08G1FQZ+Js3wMK/msDUE1wO3l1Y="; IP = "10.83.2.3"; lan_endpoint = "192.168.1.13:33799"; - endpoint = "82.66.80.201:33733"; + endpoint = "82.66.80.201:33733"; + } + { + hostname = "df-ylk"; + site_name = "bespin"; + publicKey = "bIjxey/VhBgVrLa0FxN/KISOt2XFmQeSh1MPivUq9gg"; + IP = "10.83.3.1"; + lan_endpoint = "192.168.5.117:33799"; + endpoint = "bespin.site.deuxfleurs.fr:33731"; + } + { + hostname = "df-ymf"; + site_name = "bespin"; + publicKey = "pUIKv8UBl586O7DBrHBsb9BgNU7WlYQ2r2RSNkD+JAQ="; + IP = "10.83.3.2"; + lan_endpoint = "192.168.5.234:33799"; + endpoint = "bespin.site.deuxfleurs.fr:33732"; + } + { + hostname = "df-ymk"; + site_name = "bespin"; + publicKey = "VBmpo15iIJP7250NAsF+ryhZc3j+8TZFnE1Djvn5TXI="; + IP = "10.83.3.3"; + lan_endpoint = "192.168.5.116:33799"; + endpoint = "bespin.site.deuxfleurs.fr:33733"; } ]; -- 2.43.4 From b43ac06aa79c4612b344c1bf27b1553e6485ede7 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Sun, 16 Oct 2022 12:11:02 +0200 Subject: [PATCH 03/12] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4e0cd6f..ecf2567 100644 --- a/README.md +++ b/README.md @@ -40,8 +40,10 @@ in your operator's life to break everything through automation. Run: - `./deploy_wg prod datura` - to generate wireguard's keys - - `./deploy_nixos prod datura` - to deploy the nix configuration files (need to be redeployed on all nodes as hte new wireguard conf is needed everywhere) + - `./deploy_nixos prod datura` - to deploy the nix configuration files + - need to be redeployed on all nodes as the new wireguard conf is needed everywhere - `./deploy_password prod datura` - to deploy user's passwords + - need to be redeployed on all nodes to setup the password on all nodes - `./deploy_pki prod datura` - to deploy Nomad's and Consul's PKI ## How to operate a node -- 2.43.4 
From 52d0fdf133b901be20b53b578efdaf39daafc522 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Sun, 16 Oct 2022 14:13:55 +0200 Subject: [PATCH 04/12] Add channel selection in the deploy script --- README.md | 2 ++ deploy_nixos | 1 + 2 files changed, 3 insertions(+) diff --git a/README.md b/README.md index ecf2567..4975527 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,8 @@ Basically: - Add your wireguard configuration to `cluster/prod/cluster.nix` - You will have to edit your NAT config manually - To get your node's wg public key, you must run `./deploy_prod prod `, see the next section for more information + - Add your nodes to `cluster/prod/ssh_config`, it will be used by the various SSH scripts. + - If you use `ssh` directly, use `ssh -F ./cluster/prod/ssh_config` ## How to deploy a Nix configuration on a fresh node diff --git a/deploy_nixos b/deploy_nixos index 0bd1b4c..2b55799 100755 --- a/deploy_nixos +++ b/deploy_nixos @@ -7,4 +7,5 @@ copy cluster/$CLUSTER/cluster.nix /etc/nixos/cluster.nix copy cluster/$CLUSTER/node/$NIXHOST.nix /etc/nixos/node.nix copy cluster/$CLUSTER/node/$NIXHOST.site.nix /etc/nixos/site.nix +cmd "nix-channel --add https://nixos.org/channels/nixos-22.05 nixos" cmd nixos-rebuild switch --show-trace -- 2.43.4 From 6b3593b31706fb74106df8af84c640e7aa0a34c7 Mon Sep 17 00:00:00 2001 From: mricher Date: Sun, 16 Oct 2022 14:34:39 +0200 Subject: [PATCH 05/12] Fix key --- cluster/prod/cluster.nix | 7 ++++--- cluster/prod/ssh_config | 12 ++++++++++++ deploy_nixos | 2 +- ssh_known_hosts | 1 + 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/cluster/prod/cluster.nix b/cluster/prod/cluster.nix index e948eb4..740fe5b 100644 --- a/cluster/prod/cluster.nix +++ b/cluster/prod/cluster.nix 
@@ -57,9 +57,9 @@ endpoint = "82.66.80.201:33733"; } { - hostname = "df-ylk"; + hostname = "df-ykl"; site_name = "bespin"; - publicKey = "bIjxey/VhBgVrLa0FxN/KISOt2XFmQeSh1MPivUq9gg"; + publicKey = "bIjxey/VhBgVrLa0FxN/KISOt2XFmQeSh1MPivUq9gg="; IP = "10.83.3.1"; lan_endpoint = "192.168.5.117:33799"; endpoint = "bespin.site.deuxfleurs.fr:33731"; @@ -104,7 +104,8 @@ "ssh-rsa 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 adrien@pratchett" ]; maximilien = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHMMR6zNzz8NQU80wFquhUCeiXJuGphjP+zNouKbn228GyESu8sfNBwnuZq86vblR11Lz8l2rtCM73GfAKg29qmUWUHRKWvRIYWv2vaUJcCdy0bAxIzcvCvjZX0SpnIKxe9y3Rp0LGO5WLYfw0ZFaavwFZP0Z8w1Kj9/zBmL2X2avbhkaYHi/C1yXhbvESYQysmqLa48EX/TS616MBrgR9zbI9AoTQ9NOHnR14Tve/AP/khcZoBJdm4hTttMbNkEc0wonzdylTDew263SPRs/uoqnQIpUtErdPHqU10Yup8HjXjEyFJsSwcZcM5sZOw5JKckKJwmcd0yjO/x/4/Mk5" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHMMR6zNzz8NQU80wFquhUCeiXJuGphjP+zNouKbn228GyESu8sfNBwnuZq86vblR11Lz8l2rtCM73GfAKg29qmUWUHRKWvRIYWv2vaUJcCdy0bAxIzcvCvjZX0SpnIKxe9y3Rp0LGO5WLYfw0ZFaavwFZP0Z8w1Kj9/zBmL2X2avbhkaYHi/C1yXhbvESYQysmqLa48EX/TS616MBrgR9zbI9AoTQ9NOHnR14Tve/AP/khcZoBJdm4hTttMbNkEc0wonzdylTDew263SPRs/uoqnQIpUtErdPHqU10Yup8HjXjEyFJsSwcZcM5sZOw5JKckKJwmcd0yjO/x/4/Mk5 maximilien@icare" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGioTNbjGE3KblbqhnkEWUfGkYZ2p5UAVqPdQJaUBWoo maximilien@athena" ]; }; diff --git a/cluster/prod/ssh_config b/cluster/prod/ssh_config index 7512bda..1fa9019 100644 --- a/cluster/prod/ssh_config +++ b/cluster/prod/ssh_config @@ -21,3 +21,15 @@ Host diplotaxis Host doradille HostName doradille.machine.deuxfleurs.fr +Host df-ykl + HostName df-ykl.machine.deuxfleurs.fr + User root + +Host df-ymf + HostName df-ymf.machine.deuxfleurs.fr + User root + +Host df-ymk + HostName df-ymk.machine.deuxfleurs.fr + User root + diff --git a/deploy_nixos b/deploy_nixos index 2b55799..a716d6b 100755 --- a/deploy_nixos +++ b/deploy_nixos 
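Review bot: The three new `Host` blocks in `cluster/prod/ssh_config` (df-ykl, df-ymf, df-ymk) commit `User root` as the standing login. The README hint added later in this series describes root as needed only for the first connection, before personal accounts are declared on the node. The entries visible as context above (`Host diplotaxis`, `Host doradille`) carry no `User` line, so the bespin nodes would be the ones where every scripted SSH session keeps running as root after bootstrap. I would mark the lines as temporary with a comment such as `# bootstrap only: remove User root once operator accounts are deployed on this node`. They should be dropped in the commit that follows the first `deploy_nixos` and `deploy_password` run.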
@@ -8,4 +8,4 @@ copy cluster/$CLUSTER/node/$NIXHOST.nix /etc/nixos/node.nix copy cluster/$CLUSTER/node/$NIXHOST.site.nix /etc/nixos/site.nix cmd "nix-channel --add https://nixos.org/channels/nixos-22.05 nixos" -cmd nixos-rebuild switch --show-trace +cmd nixos-rebuild switch --upgrade --show-trace diff --git a/ssh_known_hosts b/ssh_known_hosts index e6baaa5..ec11e2b 100644 --- a/ssh_known_hosts +++ b/ssh_known_hosts @@ -18,3 +18,4 @@ diplotaxis.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcVtfOj0ti 2a06:a003:d019:1::33 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuY1CvhxBP9BtKkTlmOUu6Hhy8OQTB3R8OCFXbHA/RA 2a06:a003:d019:1::31 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkCpVLuOHFdpnBaxIFH925KpdIHV/3F9+BR 2a06:a003:d019:1::32 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G +df-ykl.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEwsKl1Bv8HJa+rO2KymEDhKEcDY3s9CQmDQ8i/tHf4E -- 2.43.4 From 1a935e0791fe66acf04dcbfcda4d1f1d44b53313 Mon Sep 17 00:00:00 2001 From: Maximilien Richer Date: Sun, 16 Oct 2022 14:38:44 +0200 Subject: [PATCH 06/12] Remove additonal DNS entries from docker --- nix/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/configuration.nix b/nix/configuration.nix index 800d36d..2bb56f2 100644 --- a/nix/configuration.nix +++ b/nix/configuration.nix @@ -83,7 +83,7 @@ SystemMaxUse=1G virtualisation.docker = { enable = true; extraOptions = "--config-file=${pkgs.writeText "daemon.json" (builtins.toJSON { - dns = [ "172.17.0.1" "8.8.8.8" "8.8.4.4" ]; + dns = [ "172.17.0.1" ]; })}"; }; -- 2.43.4 From 0574c47e5f8da0e3cb68af0aa4ffe1775c94cad7 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Sun, 16 Oct 2022 14:45:57 +0200 Subject: [PATCH 07/12] Add hint about ssh_config --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4975527..7220fa4 100644 --- a/README.md +++ b/README.md 
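Review bot: With `--upgrade` added to the `nixos-rebuild switch` line in `deploy_nixos`, every deploy refreshes the `nixos-22.05` channel registered on the context line just above. Each node is therefore built from whatever channel revision is current at the moment it is deployed. Nodes deployed on different days can end up with different package sets, and the repository keeps no record of which nixpkgs revision a node runs, which makes a bad or unexpected update hard to audit or roll back consistently. Consider pinning nixpkgs to a reviewed revision kept in the repository and upgrading by changing that pin. At minimum, document the behaviour next to the command: `# NOTE: --upgrade pulls the latest nixos-22.05 channel at deploy time; nodes are not pinned to a common revision`.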
@@ -33,6 +33,7 @@ Basically: - To get your node's wg public key, you must run `./deploy_prod prod `, see the next section for more information - Add your nodes to `cluster/prod/ssh_config`, it will be used by the various SSH scripts. - If you use `ssh` directly, use `ssh -F ./cluster/prod/ssh_config` + - Add `User root` for the first time as your user will not be declared yet on the system ## How to deploy a Nix configuration on a fresh node -- 2.43.4 From 043c1957fd4054c0acab143d7e31e11674978efd Mon Sep 17 00:00:00 2001 From: Maximilien Richer Date: Sun, 16 Oct 2022 15:02:22 +0200 Subject: [PATCH 08/12] Fix typo on IP, add keys --- cluster/prod/cluster.nix | 2 +- ssh_known_hosts | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/cluster/prod/cluster.nix b/cluster/prod/cluster.nix index 740fe5b..3d960e4 100644 --- a/cluster/prod/cluster.nix +++ b/cluster/prod/cluster.nix @@ -69,7 +69,7 @@ site_name = "bespin"; publicKey = "pUIKv8UBl586O7DBrHBsb9BgNU7WlYQ2r2RSNkD+JAQ="; IP = "10.83.3.2"; - lan_endpoint = "192.168.5.234:33799"; + lan_endpoint = "192.168.5.134:33799"; endpoint = "bespin.site.deuxfleurs.fr:33732"; } { diff --git a/ssh_known_hosts b/ssh_known_hosts index ec11e2b..a65f216 100644 --- a/ssh_known_hosts +++ b/ssh_known_hosts @@ -19,3 +19,5 @@ diplotaxis.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcVtfOj0ti 2a06:a003:d019:1::31 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkCpVLuOHFdpnBaxIFH925KpdIHV/3F9+BR 2a06:a003:d019:1::32 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G df-ykl.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEwsKl1Bv8HJa+rO2KymEDhKEcDY3s9CQmDQ8i/tHf4E +df-ymk.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIo6bcVtpZ+pRVs0vNaUgC0kY5ddPtWryUmFQTZjA+73 +df-ymf.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB2el374ejNXqF+yyMxOOhY2DWSJB9tbjr2H7gFfQtbc -- 2.43.4 From 9de4be582a6a4a9e7292d2c7994e53edae9e57c7 Mon Sep 17 00:00:00 2001 
From: Quentin Dufour Date: Sun, 16 Oct 2022 15:13:17 +0200 Subject: [PATCH 09/12] Celeri is no more a raft server --- cluster/prod/node/celeri.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/prod/node/celeri.nix b/cluster/prod/node/celeri.nix index d20ade1..4a2a347 100644 --- a/cluster/prod/node/celeri.nix +++ b/cluster/prod/node/celeri.nix @@ -15,5 +15,5 @@ deuxfleurs.ipv6 = "2a06:a003:d019:1::33"; deuxfleurs.cluster_ip = "10.83.1.3"; - deuxfleurs.is_raft_server = true; + deuxfleurs.is_raft_server = false; } -- 2.43.4 From 227091dc8a49ae75c8c6cfc6de4a1d8f500231ea Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Sun, 16 Oct 2022 15:20:16 +0200 Subject: [PATCH 10/12] How to bind your consul and nomad on your machine --- README.md | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7220fa4..e6914ee 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,28 @@ Run: ## How to operate a node -*To be written* +Edit your `~/.ssh/config` file: + +``` +Host dahlia + HostName dahlia.machine.deuxfleurs.fr + LocalForward 14646 127.0.0.1:4646 + LocalForward 8501 127.0.0.1:8501 + LocalForward 1389 bottin.service.prod.consul:389 + LocalForward 5432 psql-proxy.service.prod.consul:5432 +``` + +And then run the TLS proxy: + +``` +./tlsproxy prod +``` + +And then open in your browser: + + - http://localhost:8500 + - http://localhost:4646 + ## More -- 2.43.4 From ebca2d90c2359ff5c749680205d5c7b2bbe5e129 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Sun, 16 Oct 2022 15:37:54 +0200 Subject: [PATCH 11/12] Add mounts on bespin + tlsproxy --- cluster/prod/node/df-ykl.nix | 6 ++++++ cluster/prod/node/df-ymf.nix | 6 ++++++ cluster/prod/node/df-ymk.nix | 6 ++++++ tlsproxy | 4 ++-- 4 files changed, 20 insertions(+), 2 deletions(-) diff --git a/cluster/prod/node/df-ykl.nix b/cluster/prod/node/df-ykl.nix index e2eb796..04a2b35 100644 --- a/cluster/prod/node/df-ykl.nix 
+++ b/cluster/prod/node/df-ykl.nix @@ -15,4 +15,10 @@ deuxfleurs.cluster_ip = "10.83.3.1"; deuxfleurs.is_raft_server = true; + + fileSystems."/mnt" = { + device = "/dev/disk/by-uuid/f7aa396f-23d0-44d3-89cf-3cb00bbb6c3b"; + fsType = "xfs"; + options = [ "nofail" ]; + }; } diff --git a/cluster/prod/node/df-ymf.nix b/cluster/prod/node/df-ymf.nix index 2ae49ad..15c5b1e 100644 --- a/cluster/prod/node/df-ymf.nix +++ b/cluster/prod/node/df-ymf.nix @@ -15,4 +15,10 @@ deuxfleurs.cluster_ip = "10.83.3.2"; deuxfleurs.is_raft_server = false; + + fileSystems."/mnt" = { + device = "/dev/disk/by-uuid/fec20a7e-5019-4747-8f73-77f3f196c122"; + fsType = "xfs"; + options = [ "nofail" ]; + }; } diff --git a/cluster/prod/node/df-ymk.nix b/cluster/prod/node/df-ymk.nix index c30346f..d7deb49 100644 --- a/cluster/prod/node/df-ymk.nix +++ b/cluster/prod/node/df-ymk.nix @@ -15,4 +15,10 @@ deuxfleurs.cluster_ip = "10.83.3.3"; deuxfleurs.is_raft_server = false; + + fileSystems."/mnt" = { + device = "/dev/disk/by-uuid/51d95b17-0e06-4a73-9e4e-ae5363cc4015"; + fsType = "xfs"; + options = [ "nofail" ]; + }; } diff --git a/tlsproxy b/tlsproxy index 7988737..1ddeafa 100755 --- a/tlsproxy +++ b/tlsproxy 
@@ -37,10 +37,10 @@ pass $PREFIX/consul$YEAR.crt > $CERTDIR/consul.crt pass $PREFIX/consul$YEAR-client.crt > $CERTDIR/consul-client.crt pass $PREFIX/consul$YEAR-client.key > $CERTDIR/consul-client.key -socat -dd tcp4-listen:4646,reuseaddr,fork openssl:localhost:14646,cert=$CERTDIR/nomad-client.crt,key=$CERTDIR/nomad-client.key,cafile=$CERTDIR/nomad.crt,verify=0 & +socat -dd tcp-listen:4646,reuseaddr,fork,bind=localhost openssl:localhost:14646,cert=$CERTDIR/nomad-client.crt,key=$CERTDIR/nomad-client.key,cafile=$CERTDIR/nomad.crt,verify=0 & child1=$! -socat -dd tcp4-listen:8500,reuseaddr,fork openssl:localhost:8501,cert=$CERTDIR/consul-client.crt,key=$CERTDIR/consul-client.key,cafile=$CERTDIR/consul.crt,verify=0 & +socat -dd tcp-listen:8500,reuseaddr,fork,bind=localhost openssl:localhost:8501,cert=$CERTDIR/consul-client.crt,key=$CERTDIR/consul-client.key,cafile=$CERTDIR/consul.crt,verify=0 & child2=$! wait "$child1" -- 2.43.4 From 913c2cd4761a518a106de8d0985116f757cc862d Mon Sep 17 00:00:00 2001 From: Maximilien Richer Date: Sun, 16 Oct 2022 15:58:08 +0200 Subject: [PATCH 12/12] Deploy garage on bespin --- cluster/prod/app/garage/deploy/garage-light.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/prod/app/garage/deploy/garage-light.hcl b/cluster/prod/app/garage/deploy/garage-light.hcl index 90d1cb0..94c388d 100644 --- a/cluster/prod/app/garage/deploy/garage-light.hcl +++ b/cluster/prod/app/garage/deploy/garage-light.hcl @@ -1,5 +1,5 @@ job "garage-light" { - datacenters = ["neptune"] + datacenters = ["neptune", "bespin"] type = "system" priority = 80 -- 2.43.4
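Review bot: Both rewritten `socat` lines in `tlsproxy` still end in `verify=0`, which turns off verification of the server certificate. The `cafile=` option next to it is then not used for any check, and the proxy will present the operator's client certificate to whatever answers on the forwarded port. The `bind=localhost` added here restricts who can reach the plaintext listeners on 4646 and 8500, but not who the proxy talks to. Consider `verify=1`, and since the target is addressed as `localhost`, set socat's `openssl-commonname=` to the name in the server certificate, e.g. `...,cafile=$CERTDIR/nomad.crt,verify=1,openssl-commonname=<NOMAD_SERVER_CERT_NAME>` and the same for the Consul line. That assumes `nomad.crt` and `consul.crt` are the CA certificates, which the hunk does not show. The script starts outside this hunk.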