author | ADRN <adrien@luxeylab.net> | 2024-01-22 18:00:49 +0100 |
committer | ADRN <adrien@luxeylab.net> | 2024-01-22 18:00:49 +0100 |
commit | 672c3983154415cd76ea81d2b777210115ac5c01 (patch) | |
tree | 1717bda878d5d6191a93a83bb1d682c71a95e1eb | |
parent | abce598e6c7933e9f902a768c974fbbd695258ad (diff) | |
parent | 3ff35c552765dc49a8cad8dd9d4c44d05907f5ff (diff) | |
Merge branch 'main' into feat/im-tls-proxy
-rw-r--r-- | cluster/prod/app/core/deploy/diplonat.hcl | 2 | ||||
-rw-r--r-- | cluster/prod/app/garage/deploy/garage.hcl | 2 | ||||
-rw-r--r-- | cluster/prod/cluster.nix | 12 | ||||
-rw-r--r-- | cluster/staging/app/core/deploy/diplonat.hcl | 2 | ||||
-rw-r--r-- | cluster/staging/app/core/deploy/tricot.hcl | 1 | ||||
-rw-r--r-- | cluster/staging/app/garage/deploy/garage.hcl | 4 | ||||
-rw-r--r-- | cluster/staging/app/im/deploy/im-nix.hcl | 4 | ||||
-rw-r--r-- | cluster/staging/cluster.nix | 12 | ||||
-rw-r--r-- | cluster/staging/known_hosts | 2 | ||||
-rw-r--r-- | cluster/staging/ssh_config | 18 | ||||
-rw-r--r-- | doc/onboarding.md | 26 | ||||
-rwxr-xr-x | tlsproxy | 3 |
12 files changed, 68 insertions, 20 deletions
diff --git a/cluster/prod/app/core/deploy/diplonat.hcl b/cluster/prod/app/core/deploy/diplonat.hcl
index 6f2b796..ce5bccf 100644
--- a/cluster/prod/app/core/deploy/diplonat.hcl
+++ b/cluster/prod/app/core/deploy/diplonat.hcl
@@ -13,7 +13,7 @@ job "core-diplonat" {
 driver = "docker"
 config {
- image = "lxpz/amd64_diplonat:6"
+ image = "lxpz/amd64_diplonat:7"
 network_mode = "host"
 readonly_rootfs = true
 privileged = true
diff --git a/cluster/prod/app/garage/deploy/garage.hcl b/cluster/prod/app/garage/deploy/garage.hcl
index 4964a37..180f4d9 100644
--- a/cluster/prod/app/garage/deploy/garage.hcl
+++ b/cluster/prod/app/garage/deploy/garage.hcl
@@ -44,7 +44,7 @@ job "garage" {
 template {
 data = file("../config/garage.toml")
 destination = "secrets/garage.toml"
- change_mode = "noop"
+ #change_mode = "noop"
 }
 template {
diff --git a/cluster/prod/cluster.nix b/cluster/prod/cluster.nix
index e6f71e0..639028a 100644
--- a/cluster/prod/cluster.nix
+++ b/cluster/prod/cluster.nix
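Review bot: Commenting out `change_mode = "noop"` on the `secrets/garage.toml` template silently switches it to Nomad's default, `change_mode = "restart"`, so every re-render of that template now restarts the Garage task; for the storage layer that is a real behaviour change and the hunk gives no reason for it (how often a re-render happens depends on whether `../config/garage.toml` contains consul-template lookups, which is not visible here). If the restart is intended, set it explicitly and say why instead of leaving a dead line, e.g. `change_mode = "restart" # config re-render must restart garage (was noop)`; if it is not, drop the hunk. The staging `garage.hcl` hunk in this merge only bumps the pinned revision, so prod and staging now differ on this point too. The enclosing `task` block starts and ends outside the hunk.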
@@ -106,6 +106,18 @@
 baptiste = [
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnGkJZZrHIUp9q0DXmVLLuhCIe7Vu1J3j6dJ1z1BglqX7yOLdFQ6LhHXx65aND/KCOM1815tJSnaAyKWEj9qJ31RVUoRl42yBn54DvQumamJUaXAHqJrXhjwxfUkF9B73ZSUzHGADlQnxcBkmrjC5FkrpC/s4xr0o7/GIBkBdtZhX9YpxBfpH6wEcCruTOlm92E3HvvjpBb/wHsoxL1f2czvWe69021gqWEYRFjqtBwP36NYZnGOJZ0RrlP3wUrGCSHxOKW+2Su+tM6g07KPJn5l1wNJiOcyBQ0/Sv7ptCJ9+rTQNeVBMoXshaucYP/bKJbqH7dONrYDgz59C4+Kax"
 ];
+ aeddis = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
+ ];
+ boris = [
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
+ ];
+ vincent = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
+ ];
 };
 # For Garage external communication
diff --git a/cluster/staging/app/core/deploy/diplonat.hcl b/cluster/staging/app/core/deploy/diplonat.hcl
index d8f13b2..16bc27b 100644
--- a/cluster/staging/app/core/deploy/diplonat.hcl
+++ b/cluster/staging/app/core/deploy/diplonat.hcl
@@ -22,7 +22,7 @@ job "core-diplonat" {
 "#iptables",
 "#bash",
 "#coreutils",
- "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=05872634a42bf0aef3ab0a2760e2be4590bc8b73"
+ "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=843104dad73bfdebb674d3c3ec82af225c20c493"
 ]
 command = "diplonat"
 }
diff --git a/cluster/staging/app/core/deploy/tricot.hcl b/cluster/staging/app/core/deploy/tricot.hcl
index 1446359..62c8030 100644
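Review bot: The three `ecdsa-sha2-nistp256` keys for `boris` and the two keys for `vincent` are granted production SSH access without any identifying label, so when one device is lost or retired nobody can tell which of the three strings to revoke. The authorized_keys format takes a trailing comment, which can simply live inside the Nix string, e.g. `"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md aeddis@laptop 2024-01"`; I would add one per key here and in the identical staging block. The merge commit itself carries no statement of how these fingerprints were verified out of band before being added to prod; a short comment above the new entries or a line in the commit message would close that gap. The enclosing attribute set starts outside the hunk.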
--- a/cluster/staging/app/core/deploy/tricot.hcl
+++ b/cluster/staging/app/core/deploy/tricot.hcl
@@ -82,6 +82,7 @@ EOH
 name = "tricot-http"
 port = "http_port"
 tags = [
+ "d53-aaaa ${attr.unique.hostname}.machine.staging.deuxfleurs.org",
 "d53-aaaa ${meta.site}.site.staging.deuxfleurs.org",
 "d53-aaaa staging.deuxfleurs.org",
 "(diplonat (tcp_port 80))"
diff --git a/cluster/staging/app/garage/deploy/garage.hcl b/cluster/staging/app/garage/deploy/garage.hcl
index e5b1dc6..5ba1b4a 100644
--- a/cluster/staging/app/garage/deploy/garage.hcl
+++ b/cluster/staging/app/garage/deploy/garage.hcl
@@ -26,8 +26,8 @@ job "garage-staging" {
 packages = [
 "#bash", # so that we can enter a shell inside container
 "#coreutils",
- # garage v0.9.0
- "git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=952c9570c494468643353ee1ae9052b510353665",
+ # garage v0.9.1-rc
+ "git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=9cfeea389a1274d4d3c1f4b7072b0c056af410ef",
 ]
 command = "garage"
 args = [ "server" ]
diff --git a/cluster/staging/app/im/deploy/im-nix.hcl b/cluster/staging/app/im/deploy/im-nix.hcl
index c7b500f..b8a2bbe 100644
--- a/cluster/staging/app/im/deploy/im-nix.hcl
+++ b/cluster/staging/app/im/deploy/im-nix.hcl
@@ -192,8 +192,8 @@ EOH
 }
 resources {
- memory = 200
- memory_max = 200
+ memory = 500
+ memory_max = 500
 cpu = 100
 }
 }
diff --git a/cluster/staging/cluster.nix b/cluster/staging/cluster.nix
index 951f5bb..3f7c941 100644
--- a/cluster/staging/cluster.nix
+++ b/cluster/staging/cluster.nix
@@ -79,6 +79,18 @@
 armael = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOoPghSM72AVp1zATgQzeLkuoGuP9uUTTAtwliyWoix"
 ];
+ aeddis = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
+ ];
+ boris = [
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
+ ];
+ vincent = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
+ ];
 };
 # For Garage ipv6 communication
diff --git a/cluster/staging/known_hosts b/cluster/staging/known_hosts
index cc52366..d6a63da 100644
--- a/cluster/staging/known_hosts
+++ b/cluster/staging/known_hosts
@@ -11,3 +11,5 @@ df-pw5.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeeh
 10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
 192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
 2a01:cb05:911e:ec00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
+carcajou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
+caribou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22
diff --git a/cluster/staging/ssh_config b/cluster/staging/ssh_config
index 08cac54..54c0f01 100644
--- a/cluster/staging/ssh_config
+++ b/cluster/staging/ssh_config
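Review bot: Only `carcajou` and `caribou` receive entries under the new `.machine.staging.deuxfleurs.org` names, yet the `ssh_config` hunk in this same merge also points `origan`, `piranha` and `df-pw5` at `<host>.machine.staging.deuxfleurs.org`; since that config pins `UserKnownHostsFile ./cluster/staging/known_hosts` and sets no `StrictHostKeyChecking`, the first connection to each of those three falls back to a trust-on-first-use prompt, which defeats the point of committing host keys. Add the three missing lines, copying each machine's key from its existing entry, e.g. `piranha.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co` if `10.14.3.1` is indeed piranha as the old ssh_config suggests; alternatively set a `HostKeyAlias` per host so the existing entries keep matching. The `carcajou` line reuses the key already recorded for `192.168.1.22`, which is consistent.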
@@ -1,18 +1,24 @@
 UserKnownHostsFile ./cluster/staging/known_hosts
 Host caribou
- HostName caribou.machine.deuxfleurs.fr
+ #HostName caribou.machine.deuxfleurs.fr
+ HostName caribou.machine.staging.deuxfleurs.org
 Host carcajou
- HostName carcajou.machine.deuxfleurs.fr
+ #HostName carcajou.machine.deuxfleurs.fr
+ HostName carcajou.machine.staging.deuxfleurs.org
 Host origan
- HostName origan.df.trinity.fr.eu.org
+ #HostName origan.df.trinity.fr.eu.org
+ HostName origan.machine.staging.deuxfleurs.org
 Host piranha
- ProxyJump carcajou.machine.deuxfleurs.fr
- HostName 10.14.3.1
 #HostName piranha.polyno.me
+ #OR
+ #ProxyJump carcajou.machine.deuxfleurs.fr
+ #HostName 10.14.3.1
+ HostName piranha.machine.staging.deuxfleurs.org
 Host df-pw5
- HostName df-pw5.machine.deuxfleurs.fr
+ #HostName df-pw5.machine.deuxfleurs.fr
+ HostName df-pw5.machine.staging.deuxfleurs.org
diff --git a/doc/onboarding.md b/doc/onboarding.md
index 2ebd9f8..e8d8bd3 100644
--- a/doc/onboarding.md
+++ b/doc/onboarding.md
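Review bot: The file pins host keys via `UserKnownHostsFile ./cluster/staging/known_hosts` but never sets `StrictHostKeyChecking`, so a host whose new name is absent from that file (in this merge `origan`, `piranha` and `df-pw5` are renamed here but not added to known_hosts) gets an interactive accept prompt rather than a hard failure; add `StrictHostKeyChecking yes` right after the `UserKnownHostsFile` line so the committed file is authoritative. The old `HostName`/`ProxyJump` values are kept as comments under every host, and for `piranha` the `#OR` plus three commented lines make it unclear which path is current; git history already records them, so I would delete the commented lines. Note also that `piranha` moves from a jump through `carcajou` to a private address to a direct connection to a public name, which presumes that host is now reachable from outside; worth confirming before the fallback is gone.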
@@ -17,12 +17,26 @@ Basically:
 Edit your `~/.ssh/config` file with content such as the following:
 ```
-Host dahlia
- HostName dahlia.machine.deuxfleurs.fr
- LocalForward 14646 127.0.0.1:4646
- LocalForward 8501 127.0.0.1:8501
- LocalForward 1389 bottin.service.prod.consul:389
- LocalForward 5432 psql-proxy.service.prod.consul:5432
+# Deuxfleurs prod
+Host abricot ananas concombre celeri courgette df-ykl df-ymf df-ymk
+ HostName %h.machine.deuxfleurs.fr
+ IdentityFile ~/.ssh/deuxfleurs_ed25519
+ User adrien
+ LocalForward 14646 127.0.0.1:4646
+ LocalForward 8501 127.0.0.1:8501
+ LocalForward 1389 bottin.service.prod.consul:389
+ LocalForward 5432 psql-proxy.service.prod.consul:5432
+
+# Deuxfleurs staging
+Host piranha df-pw5 # et autres
+ HostName %h.machine.deuxfleurs.fr
+ IdentityFile ~/.ssh/deuxfleurs_ed25519
+ User adrien
+ LocalForward 14646 127.0.0.1:4646
+ LocalForward 8501 127.0.0.1:8501
+ LocalForward 1389 bottin.service.prod.consul:389
+ LocalForward 5432 psql-proxy.service.prod.consul:5432
+
 ```
 Then run the TLS proxy and leave it running:
@@ -17,7 +17,8 @@ PREFIX="deuxfleurs/cluster/$CLUSTER"
 # Do actual stuff
-YEAR=$(date +%Y)
+#YEAR=$(date +%Y)
+YEAR=2023
 CERTDIR=$(mktemp -d) |
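Review bot: The new `# Deuxfleurs staging` block is a copy of the prod block with only the `Host` list changed: it still says `HostName %h.machine.deuxfleurs.fr` although `cluster/staging/ssh_config` in this very merge moves the staging hosts to `%h.machine.staging.deuxfleurs.org`, and it still forwards to `bottin.service.prod.consul` and `psql-proxy.service.prod.consul`, which name the prod datacenter (the staging equivalents are presumably `.service.staging.consul`, not visible here), so a newcomer following it lands on prod. The snippet also hard-codes the author's own `User adrien` and `IdentityFile ~/.ssh/deuxfleurs_ed25519` in a document meant for new members; use placeholders such as `User <your-username>`. I am not certain every OpenSSH release accepts a trailing comment on a `Host` line, so `Host piranha df-pw5 # et autres` is safer with the remark on its own line.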
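Review bot: Freezing `YEAR=2023` in a commit dated January 2024 turns a derived value into a stale constant: whatever `$YEAR` selects further down (presumably a per-year path under `$PREFIX`; the rest of the script is outside the hunk) stays pointed at the 2023 entry until someone remembers this line, and the commented-out `date` call adds noise without saying why the override was needed. If the intent is to keep using last year's material until the 2024 one exists, make that an explicit, overridable default: `YEAR="${YEAR:-2023}"  # pinned to 2023 until <reason>; override with YEAR=... in the environment`, and drop the commented line. The script's later uses of `$YEAR` and `$CERTDIR` are outside the hunk, as is the file's `diff --git` header, which did not survive on this page.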