Merge branch 'main' into feat/im-tls-proxy

ADRN 2024-01-22 18:00:49 +01:00
commit 672c398315
12 changed files with 68 additions and 20 deletions


@ -13,7 +13,7 @@ job "core-diplonat" {
driver = "docker"
config {
image = "lxpz/amd64_diplonat:6"
image = "lxpz/amd64_diplonat:7"
network_mode = "host"
readonly_rootfs = true
privileged = true


@ -44,7 +44,7 @@ job "garage" {
template {
data = file("../config/garage.toml")
destination = "secrets/garage.toml"
change_mode = "noop"
#change_mode = "noop"
}
template {
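Review bot: Commenting out `change_mode = "noop"` on the `secrets/garage.toml` template leaves the block on Nomad's default, which is `restart`, and nothing in the hunk says that this is intended. If restarting Garage when the rendered config changes is the goal, state it explicitly with `change_mode = "restart"` plus a short comment giving the reason, and delete the commented-out line instead of keeping it as dead configuration. The job and its restart or update policy continue outside the hunk, so how a restart of every Garage allocation is paced is not visible here.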


@ -106,6 +106,18 @@
baptiste = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnGkJZZrHIUp9q0DXmVLLuhCIe7Vu1J3j6dJ1z1BglqX7yOLdFQ6LhHXx65aND/KCOM1815tJSnaAyKWEj9qJ31RVUoRl42yBn54DvQumamJUaXAHqJrXhjwxfUkF9B73ZSUzHGADlQnxcBkmrjC5FkrpC/s4xr0o7/GIBkBdtZhX9YpxBfpH6wEcCruTOlm92E3HvvjpBb/wHsoxL1f2czvWe69021gqWEYRFjqtBwP36NYZnGOJZ0RrlP3wUrGCSHxOKW+2Su+tM6g07KPJn5l1wNJiOcyBQ0/Sv7ptCJ9+rTQNeVBMoXshaucYP/bKJbqH7dONrYDgz59C4+Kax"
];
aeddis = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
];
boris = [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
];
vincent = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
];
};
# For Garage external communication
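Review bot: The keys added for `aeddis`, `boris` and `vincent` have no comment field, so nothing records which device each key belongs to; with three `ecdsa-sha2-nistp256` entries for `boris` and two `ssh-ed25519` entries for `vincent`, revoking a single lost device later means guessing. Append an identifying comment to each key string, for example `"ssh-ed25519 AAAA... vincent@laptop"` (label constructed for illustration). The same block is added again in the hunk at `-79,6 +79,18`, so the two copies have to be kept in sync by hand whenever a key is rotated or an account is removed. The attribute set holding these lists starts outside both hunks.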


@ -22,7 +22,7 @@ job "core-diplonat" {
"#iptables",
"#bash",
"#coreutils",
"git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=05872634a42bf0aef3ab0a2760e2be4590bc8b73"
"git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=843104dad73bfdebb674d3c3ec82af225c20c493"
]
command = "diplonat"
}


@ -82,6 +82,7 @@ EOH
name = "tricot-http"
port = "http_port"
tags = [
"d53-aaaa ${attr.unique.hostname}.machine.staging.deuxfleurs.org",
"d53-aaaa ${meta.site}.site.staging.deuxfleurs.org",
"d53-aaaa staging.deuxfleurs.org",
"(diplonat (tcp_port 80))"


@ -26,8 +26,8 @@ job "garage-staging" {
packages = [
"#bash", # so that we can enter a shell inside container
"#coreutils",
# garage v0.9.0
"git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=952c9570c494468643353ee1ae9052b510353665",
# garage v0.9.1-rc
"git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=9cfeea389a1274d4d3c1f4b7072b0c056af410ef",
]
command = "garage"
args = [ "server" ]


@ -192,8 +192,8 @@ EOH
}
resources {
memory = 200
memory_max = 200
memory = 500
memory_max = 500
cpu = 100
}
}


@ -79,6 +79,18 @@
armael = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOoPghSM72AVp1zATgQzeLkuoGuP9uUTTAtwliyWoix"
];
aeddis = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
];
boris = [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
];
vincent = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
];
};
# For Garage ipv6 communication


@ -11,3 +11,5 @@ df-pw5.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeeh
10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
2a01:cb05:911e:ec00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
carcajou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
caribou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22


@ -1,18 +1,24 @@
UserKnownHostsFile ./cluster/staging/known_hosts
Host caribou
HostName caribou.machine.deuxfleurs.fr
#HostName caribou.machine.deuxfleurs.fr
HostName caribou.machine.staging.deuxfleurs.org
Host carcajou
HostName carcajou.machine.deuxfleurs.fr
#HostName carcajou.machine.deuxfleurs.fr
HostName carcajou.machine.staging.deuxfleurs.org
Host origan
HostName origan.df.trinity.fr.eu.org
#HostName origan.df.trinity.fr.eu.org
HostName origan.machine.staging.deuxfleurs.org
Host piranha
ProxyJump carcajou.machine.deuxfleurs.fr
HostName 10.14.3.1
#HostName piranha.polyno.me
#OR
#ProxyJump carcajou.machine.deuxfleurs.fr
#HostName 10.14.3.1
HostName piranha.machine.staging.deuxfleurs.org
Host df-pw5
HostName df-pw5.machine.deuxfleurs.fr
#HostName df-pw5.machine.deuxfleurs.fr
HostName df-pw5.machine.staging.deuxfleurs.org
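Review bot: Every `Host` entry now resolves to a `*.machine.staging.deuxfleurs.org` name while `UserKnownHostsFile` pins verification to `./cluster/staging/known_hosts`, but the known_hosts hunk in this commit adds entries under the new names only for `carcajou` and `caribou`. Unless earlier lines of that file (not shown) already cover them, `origan`, `piranha` and `df-pw5` have no pinned key for the name actually used, so the first connection falls back to a trust-on-first-use prompt or fails under strict checking. Add a known_hosts line for each new hostname, reusing the key already pinned for that machine (for example the entries for `df-pw5.machine.deuxfleurs.fr` and `10.14.3.1`) after confirming it on the host itself. The commented-out `HostName` and `ProxyJump` lines can then be removed.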


@ -17,12 +17,26 @@ Basically:
Edit your `~/.ssh/config` file with content such as the following:
```
Host dahlia
HostName dahlia.machine.deuxfleurs.fr
# Deuxfleurs prod
Host abricot ananas concombre celeri courgette df-ykl df-ymf df-ymk
HostName %h.machine.deuxfleurs.fr
IdentityFile ~/.ssh/deuxfleurs_ed25519
User adrien
LocalForward 14646 127.0.0.1:4646
LocalForward 8501 127.0.0.1:8501
LocalForward 1389 bottin.service.prod.consul:389
LocalForward 5432 psql-proxy.service.prod.consul:5432
# Deuxfleurs staging
Host piranha df-pw5 # et autres
HostName %h.machine.deuxfleurs.fr
IdentityFile ~/.ssh/deuxfleurs_ed25519
User adrien
LocalForward 14646 127.0.0.1:4646
LocalForward 8501 127.0.0.1:8501
LocalForward 1389 bottin.service.prod.consul:389
LocalForward 5432 psql-proxy.service.prod.consul:5432
```
Then run the TLS proxy and leave it running:


@ -17,7 +17,8 @@ PREFIX="deuxfleurs/cluster/$CLUSTER"
# Do actual stuff
YEAR=$(date +%Y)
#YEAR=$(date +%Y)
YEAR=2023
CERTDIR=$(mktemp -d)
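Review bot: `YEAR=2023` replaces the computed year with a constant that is already in the past relative to this commit's date (2024-01-22), so the next person to run the script silently gets 2023. If the aim is to keep working with the 2023 material, make that an explicit override and keep the default dynamic, `YEAR="${YEAR:-$(date +%Y)}"`, with a comment saying when an older year is needed. How `YEAR` is used lies outside the hunk; given `PREFIX` and `CERTDIR` it presumably selects certificate names or paths, in which case a stale value would issue or overwrite material under the wrong year.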