tixie/nixcfg
1
0
Fork 0
forked from Deuxfleurs/nixcfg
Code Pull requests Activity

Fusion conflict

Browse source
This commit is contained in:
Vincent 2024-03-16 18:53:11 +01:00
parent f228592473
commit 18af714330
4 changed files with 10 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
cluster/staging/known_hosts
View file

@ -11,8 +11,4 @@ df-pw5.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeeh
10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co 10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ 192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
2a01:cb05:911e:ec00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co 2a01:cb05:911e:ec00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
carcajou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
caribou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22
df-pw5.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeehxeGiZR7qquYGoqEH/YrRJ/ukEcaLH
origan.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsZas74RT6lCZwuUOPR23nPdbSdpWORyAmRgjoiMVHK
piranha.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co piranha.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co

1
cluster/staging/ssh_config
View file

@ -9,6 +9,7 @@ Host origan
HostName origan.machine.staging.deuxfleurs.org HostName origan.machine.staging.deuxfleurs.org
Host piranha Host piranha
HostName %h.machine.staging.deuxfleurs.org
#HostName piranha.polyno.me #HostName piranha.polyno.me
#OR #OR
#ProxyJump caribou.machine.deuxfleurs.fr #ProxyJump caribou.machine.deuxfleurs.fr

14
deploy_pki
View file

@ -19,10 +19,10 @@ cmd ln -sf /var/lib/consul/pki/consul$YEAR.key /var/lib/consul/pki/consul.key
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key
if [ ! "$CLUSTER" = "prod" ]; then
cmd systemctl restart consul cmd systemctl reload consul
cmd sleep 10 cmd sleep 10
fi
for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
nomad$YEAR-client.crt nomad$YEAR-client.key \ nomad$YEAR-client.crt nomad$YEAR-client.key \
@ -30,8 +30,10 @@ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
do do
if pass $PKI/$file >/dev/null; then if pass $PKI/$file >/dev/null; then
write_pass $PKI/$file /var/lib/nomad/pki/$file write_pass $PKI/$file /var/lib/nomad/pki/$file
if [ "$CLUSTER" = "prod" ]; then
cmd "chown \$(stat -c %u /var/lib/private/nomad/) /var/lib/nomad/pki/$file" cmd "chown \$(stat -c %u /var/lib/private/nomad/) /var/lib/nomad/pki/$file"
fi fi
fi
done done
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.crt /var/lib/nomad/pki/nomad.crt cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.crt /var/lib/nomad/pki/nomad.crt
@ -42,9 +44,7 @@ cmd ln -sf /var/lib/nomad/pki/consul$YEAR.crt /var/lib/nomad/pki/consul.crt
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key
if [ ! "$CLUSTER" = "prod" ]; then cmd systemctl reload nomad
cmd systemctl restart nomad
fi
set_env CONSUL_HTTP_ADDR=https://localhost:8501 set_env CONSUL_HTTP_ADDR=https://localhost:8501
set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt

3
tlsproxy
View file

@ -17,8 +17,7 @@ PREFIX="deuxfleurs/cluster/$CLUSTER"
# Do actual stuff # Do actual stuff
#YEAR=$(date +%Y) YEAR=$(date +%Y)
YEAR=2023
CERTDIR=$(mktemp -d) CERTDIR=$(mktemp -d)