authorADRN <adrien@luxeylab.net>2024-01-22 18:00:49 +0100
committerADRN <adrien@luxeylab.net>2024-01-22 18:00:49 +0100
commit672c3983154415cd76ea81d2b777210115ac5c01 (patch)
tree1717bda878d5d6191a93a83bb1d682c71a95e1eb
parentabce598e6c7933e9f902a768c974fbbd695258ad (diff)
parent3ff35c552765dc49a8cad8dd9d4c44d05907f5ff (diff)
downloadnixcfg-672c3983154415cd76ea81d2b777210115ac5c01.tar.gz
nixcfg-672c3983154415cd76ea81d2b777210115ac5c01.zip
Merge branch 'main' into feat/im-tls-proxy
-rw-r--r--cluster/prod/app/core/deploy/diplonat.hcl2
-rw-r--r--cluster/prod/app/garage/deploy/garage.hcl2
-rw-r--r--cluster/prod/cluster.nix12
-rw-r--r--cluster/staging/app/core/deploy/diplonat.hcl2
-rw-r--r--cluster/staging/app/core/deploy/tricot.hcl1
-rw-r--r--cluster/staging/app/garage/deploy/garage.hcl4
-rw-r--r--cluster/staging/app/im/deploy/im-nix.hcl4
-rw-r--r--cluster/staging/cluster.nix12
-rw-r--r--cluster/staging/known_hosts2
-rw-r--r--cluster/staging/ssh_config18
-rw-r--r--doc/onboarding.md26
-rwxr-xr-xtlsproxy3
12 files changed, 68 insertions, 20 deletions
diff --git a/cluster/prod/app/core/deploy/diplonat.hcl b/cluster/prod/app/core/deploy/diplonat.hcl
index 6f2b796..ce5bccf 100644
--- a/cluster/prod/app/core/deploy/diplonat.hcl
+++ b/cluster/prod/app/core/deploy/diplonat.hcl
@@ -13,7 +13,7 @@ job "core-diplonat" {
driver = "docker"
config {
- image = "lxpz/amd64_diplonat:6"
+ image = "lxpz/amd64_diplonat:7"
network_mode = "host"
readonly_rootfs = true
privileged = true
diff --git a/cluster/prod/app/garage/deploy/garage.hcl b/cluster/prod/app/garage/deploy/garage.hcl
index 4964a37..180f4d9 100644
--- a/cluster/prod/app/garage/deploy/garage.hcl
+++ b/cluster/prod/app/garage/deploy/garage.hcl
@@ -44,7 +44,7 @@ job "garage" {
template {
data = file("../config/garage.toml")
destination = "secrets/garage.toml"
- change_mode = "noop"
+ #change_mode = "noop"
}
template {
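Review bot: Commenting out `change_mode = "noop"` on the `secrets/garage.toml` template switches it to Nomad's default, `restart`, so any re-render of that file will now restart the production Garage task. If that is the intent, delete the line or state it explicitly, e.g. `change_mode = "restart" # restart Garage when garage.toml changes`, rather than leaving a commented-out setting whose status the next reader has to guess. If the template interpolates values that can change at runtime (not visible in this hunk), check that a single change cannot restart every storage node at once. The job body continues outside the hunk.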
diff --git a/cluster/prod/cluster.nix b/cluster/prod/cluster.nix
index e6f71e0..639028a 100644
--- a/cluster/prod/cluster.nix
+++ b/cluster/prod/cluster.nix
@@ -106,6 +106,18 @@
baptiste = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnGkJZZrHIUp9q0DXmVLLuhCIe7Vu1J3j6dJ1z1BglqX7yOLdFQ6LhHXx65aND/KCOM1815tJSnaAyKWEj9qJ31RVUoRl42yBn54DvQumamJUaXAHqJrXhjwxfUkF9B73ZSUzHGADlQnxcBkmrjC5FkrpC/s4xr0o7/GIBkBdtZhX9YpxBfpH6wEcCruTOlm92E3HvvjpBb/wHsoxL1f2czvWe69021gqWEYRFjqtBwP36NYZnGOJZ0RrlP3wUrGCSHxOKW+2Su+tM6g07KPJn5l1wNJiOcyBQ0/Sv7ptCJ9+rTQNeVBMoXshaucYP/bKJbqH7dONrYDgz59C4+Kax"
];
+ aeddis = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
+ ];
+ boris = [
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
+ ];
+ vincent = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
+ ];
};
# For Garage external communication
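Review bot: The keys added for `aeddis`, `boris` and `vincent` carry no comment field, and `boris` gets three `ecdsa-sha2-nistp256` entries, so nothing in the file says which device each key belongs to or which one to remove if a device is lost. Assuming this attribute set is the per-user authorized-keys list (its opening is outside the hunk), a trailing label on each key, e.g. `"ssh-ed25519 <key> vincent@<device>"`, would make later audits and revocations tractable. The identical block is added to `cluster/staging/cluster.nix` in the same commit, so the same applies there. It is also worth confirming that production access for all three is intended at the same time as staging access.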
diff --git a/cluster/staging/app/core/deploy/diplonat.hcl b/cluster/staging/app/core/deploy/diplonat.hcl
index d8f13b2..16bc27b 100644
--- a/cluster/staging/app/core/deploy/diplonat.hcl
+++ b/cluster/staging/app/core/deploy/diplonat.hcl
@@ -22,7 +22,7 @@ job "core-diplonat" {
"#iptables",
"#bash",
"#coreutils",
- "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=05872634a42bf0aef3ab0a2760e2be4590bc8b73"
+ "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=843104dad73bfdebb674d3c3ec82af225c20c493"
]
command = "diplonat"
}
diff --git a/cluster/staging/app/core/deploy/tricot.hcl b/cluster/staging/app/core/deploy/tricot.hcl
index 1446359..62c8030 100644
--- a/cluster/staging/app/core/deploy/tricot.hcl
+++ b/cluster/staging/app/core/deploy/tricot.hcl
@@ -82,6 +82,7 @@ EOH
name = "tricot-http"
port = "http_port"
tags = [
+ "d53-aaaa ${attr.unique.hostname}.machine.staging.deuxfleurs.org",
"d53-aaaa ${meta.site}.site.staging.deuxfleurs.org",
"d53-aaaa staging.deuxfleurs.org",
"(diplonat (tcp_port 80))"
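Review bot: The new `d53-aaaa ${attr.unique.hostname}.machine.staging.deuxfleurs.org` tag makes each node's machine name depend on the `tricot-http` service registration, and the same commit points `cluster/staging/ssh_config` at those names. If the record is only published while this service is registered (inferred from the tag mechanism, not shown here), a node where tricot is stopped or failing loses the name admins use to SSH in and repair it. The record is also AAAA-only, so the name does not resolve for IPv4-only clients. A comment above the tag, such as `# also used as the SSH HostName in cluster/staging/ssh_config`, would document that coupling. The `tags` list and service block continue outside the hunk.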
diff --git a/cluster/staging/app/garage/deploy/garage.hcl b/cluster/staging/app/garage/deploy/garage.hcl
index e5b1dc6..5ba1b4a 100644
--- a/cluster/staging/app/garage/deploy/garage.hcl
+++ b/cluster/staging/app/garage/deploy/garage.hcl
@@ -26,8 +26,8 @@ job "garage-staging" {
packages = [
"#bash", # so that we can enter a shell inside container
"#coreutils",
- # garage v0.9.0
- "git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=952c9570c494468643353ee1ae9052b510353665",
+ # garage v0.9.1-rc
+ "git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=9cfeea389a1274d4d3c1f4b7072b0c056af410ef",
]
command = "garage"
args = [ "server" ]
diff --git a/cluster/staging/app/im/deploy/im-nix.hcl b/cluster/staging/app/im/deploy/im-nix.hcl
index c7b500f..b8a2bbe 100644
--- a/cluster/staging/app/im/deploy/im-nix.hcl
+++ b/cluster/staging/app/im/deploy/im-nix.hcl
@@ -192,8 +192,8 @@ EOH
}
resources {
- memory = 200
- memory_max = 200
+ memory = 500
+ memory_max = 500
cpu = 100
}
}
diff --git a/cluster/staging/cluster.nix b/cluster/staging/cluster.nix
index 951f5bb..3f7c941 100644
--- a/cluster/staging/cluster.nix
+++ b/cluster/staging/cluster.nix
@@ -79,6 +79,18 @@
armael = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOoPghSM72AVp1zATgQzeLkuoGuP9uUTTAtwliyWoix"
];
+ aeddis = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
+ ];
+ boris = [
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
+ ];
+ vincent = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
+ ];
};
# For Garage ipv6 communication
diff --git a/cluster/staging/known_hosts b/cluster/staging/known_hosts
index cc52366..d6a63da 100644
--- a/cluster/staging/known_hosts
+++ b/cluster/staging/known_hosts
@@ -11,3 +11,5 @@ df-pw5.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeeh
10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
2a01:cb05:911e:ec00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
+carcajou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
+caribou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22
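Review bot: Only `carcajou` and `caribou` get entries under the new `*.machine.staging.deuxfleurs.org` names, while `cluster/staging/ssh_config` in this commit also moves `origan`, `piranha` and `df-pw5` to that domain. With `UserKnownHostsFile` pointing at this file, the first connection to those three has no pinned key to verify against, and will either fail or fall back to trust-on-first-use depending on `StrictHostKeyChecking`. Add lines for the remaining hosts using host keys verified out of band, e.g. `df-pw5.machine.staging.deuxfleurs.org ssh-ed25519 <existing df-pw5 key>`. The hunk header shows the file already holds a key for `df-pw5.machine.deuxfleurs.fr`.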
diff --git a/cluster/staging/ssh_config b/cluster/staging/ssh_config
index 08cac54..54c0f01 100644
--- a/cluster/staging/ssh_config
+++ b/cluster/staging/ssh_config
@@ -1,18 +1,24 @@
UserKnownHostsFile ./cluster/staging/known_hosts
Host caribou
- HostName caribou.machine.deuxfleurs.fr
+ #HostName caribou.machine.deuxfleurs.fr
+ HostName caribou.machine.staging.deuxfleurs.org
Host carcajou
- HostName carcajou.machine.deuxfleurs.fr
+ #HostName carcajou.machine.deuxfleurs.fr
+ HostName carcajou.machine.staging.deuxfleurs.org
Host origan
- HostName origan.df.trinity.fr.eu.org
+ #HostName origan.df.trinity.fr.eu.org
+ HostName origan.machine.staging.deuxfleurs.org
Host piranha
- ProxyJump carcajou.machine.deuxfleurs.fr
- HostName 10.14.3.1
#HostName piranha.polyno.me
+ #OR
+ #ProxyJump carcajou.machine.deuxfleurs.fr
+ #HostName 10.14.3.1
+ HostName piranha.machine.staging.deuxfleurs.org
Host df-pw5
- HostName df-pw5.machine.deuxfleurs.fr
+ #HostName df-pw5.machine.deuxfleurs.fr
+ HostName df-pw5.machine.staging.deuxfleurs.org
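Review bot: The old `HostName` and `ProxyJump` values are left behind as commented-out lines under every `Host` block, and the `piranha` block now carries three dead alternatives separated by `#OR`. If they are meant as fallbacks for when the new `*.machine.staging.deuxfleurs.org` records are unavailable, say so in a comment, e.g. `# fallback if the d53 AAAA record is missing:`. Otherwise delete them and rely on the history. Note also that `piranha` goes from a `ProxyJump` through `carcajou` to a direct connection, which presumes the node's SSH port is reachable on its public address.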
diff --git a/doc/onboarding.md b/doc/onboarding.md
index 2ebd9f8..e8d8bd3 100644
--- a/doc/onboarding.md
+++ b/doc/onboarding.md
@@ -17,12 +17,26 @@ Basically:
Edit your `~/.ssh/config` file with content such as the following:
```
-Host dahlia
- HostName dahlia.machine.deuxfleurs.fr
- LocalForward 14646 127.0.0.1:4646
- LocalForward 8501 127.0.0.1:8501
- LocalForward 1389 bottin.service.prod.consul:389
- LocalForward 5432 psql-proxy.service.prod.consul:5432
+# Deuxfleurs prod
+Host abricot ananas concombre celeri courgette df-ykl df-ymf df-ymk
+ HostName %h.machine.deuxfleurs.fr
+ IdentityFile ~/.ssh/deuxfleurs_ed25519
+ User adrien
+ LocalForward 14646 127.0.0.1:4646
+ LocalForward 8501 127.0.0.1:8501
+ LocalForward 1389 bottin.service.prod.consul:389
+ LocalForward 5432 psql-proxy.service.prod.consul:5432
+
+# Deuxfleurs staging
+Host piranha df-pw5 # et autres
+ HostName %h.machine.deuxfleurs.fr
+ IdentityFile ~/.ssh/deuxfleurs_ed25519
+ User adrien
+ LocalForward 14646 127.0.0.1:4646
+ LocalForward 8501 127.0.0.1:8501
+ LocalForward 1389 bottin.service.prod.consul:389
+ LocalForward 5432 psql-proxy.service.prod.consul:5432
+
```
Then run the TLS proxy and leave it running:
diff --git a/tlsproxy b/tlsproxy
index 1260d21..d6a845c 100755
--- a/tlsproxy
+++ b/tlsproxy
@@ -17,7 +17,8 @@ PREFIX="deuxfleurs/cluster/$CLUSTER"
# Do actual stuff
-YEAR=$(date +%Y)
+#YEAR=$(date +%Y)
+YEAR=2023
CERTDIR=$(mktemp -d)