diff options
| author | Alex Auvolat <alex@adnab.me> | 2022-12-22 23:44:00 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2022-12-22 23:44:00 +0100 |
| commit | 0e1574a82b7067910d5403cfd46e94bcf929327a (patch) | |
| tree | 96b2962ce6a8461b10db0c7ea6aea4f03ceaf909 /doc/architecture.md | |
| parent | 3e5e2d60cdac107cc996e0efe936ced8fd25c61d (diff) | |
| download | nixcfg-0e1574a82b7067910d5403cfd46e94bcf929327a.tar.gz nixcfg-0e1574a82b7067910d5403cfd46e94bcf929327a.zip | |
More doc reorganization
Diffstat (limited to 'doc/architecture.md')
| -rw-r--r-- | doc/architecture.md | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/doc/architecture.md b/doc/architecture.md index 8a9579f..ee83dca 100644 --- a/doc/architecture.md +++ b/doc/architecture.md @@ -1,4 +1,4 @@ -# Additional README +# Overall architecture ## Configuring the OS @@ -15,6 +15,7 @@ All deployment scripts can use the following parameters passed as environment va - `SUDO_PASS`: optionnally, the password for `sudo` on cluster nodes. If not set, it will be asked at the begninning. - `SSH_USER`: optionnally, the user to try to login using SSH. If not set, the username from your local machine will be used. + ### Assumptions (how to setup your environment) - you have an SSH access to all of your cluster nodes (listed in `cluster/<cluster_name>/ssh_config`) @@ -25,6 +26,7 @@ All deployment scripts can use the following parameters passed as environment va - you have a clone of the secrets repository in your `pass` password store, for instance at `~/.password-store/deuxfleurs` (scripts in this repo will read and write all secrets in `pass` under `deuxfleurs/cluster/<cluster_name>/`) + ### Deploying the NixOS configuration The NixOS configuration makes use of a certain number of files: @@ -48,12 +50,9 @@ or to deploy only on a single node: To upgrade NixOS, use the `./upgrade_nixos` script instead (it has the same syntax). -**When adding a node to the cluster:** just do `./deploy_nixos <cluster_name> <name_of_new_node>` ### Generating and deploying a PKI for Consul and Nomad -This is very similar to how we do for Wesher. - First, if the PKI has not yet been created, create it with: ``` @@ -66,7 +65,8 @@ Then, deploy the PKI on all nodes with: ./deploy_pki <cluster_name> ``` -**When adding a node to the cluster:** just do `./deploy_pki <cluster_name> <name_of_new_node>` +Note that certificates are valid for not much more than one year: every year in January, `gen_pki` and `deploy_pki` have to be re-run to generate certificates for the new year. + ### Adding administrators and password management @@ -89,6 +89,7 @@ Then, an administrator that already has root access must run the following (afte ./deploy_passwords <cluster_name> ``` + ## Deploying stuff on Nomad ### Connecting to Nomad @@ -118,12 +119,12 @@ Stuff should be started in this order: 1. `app/core` 2. `app/frontend` 3. `app/telemetry` -4. `app/garage-staging` +4. `app/garage` 5. `app/directory` -Then, other stuff can be started in any order: +Then, other stuff can be started in any order, e.g.: -- `app/im` (cluster `staging` only) -- `app/cryptpad` (cluster `prod` only) +- `app/im` +- `app/cryptpad` - `app/drone-ci` |