diff options
| -rw-r--r-- | cluster/prod/app/core/deploy/tricot.hcl | 3 | ||||
| -rw-r--r-- | cluster/prod/app/woodpecker-ci/integration/README.md | 4 | ||||
| -rw-r--r-- | cluster/staging/node/caribou.nix | 2 | ||||
| -rwxr-xr-x | sshtool | 6 | ||||
| -rwxr-xr-x | tlsproxy | 2 |
5 files changed, 10 insertions, 7 deletions
diff --git a/cluster/prod/app/core/deploy/tricot.hcl b/cluster/prod/app/core/deploy/tricot.hcl index 2c0636f..581fb74 100644 --- a/cluster/prod/app/core/deploy/tricot.hcl +++ b/cluster/prod/app/core/deploy/tricot.hcl @@ -35,6 +35,9 @@ job "core-tricot" { volumes = [ "secrets:/etc/tricot", ] + ulimit { + nofile = "65535:65535" + } } resources { diff --git a/cluster/prod/app/woodpecker-ci/integration/README.md b/cluster/prod/app/woodpecker-ci/integration/README.md index 2477995..b9561f7 100644 --- a/cluster/prod/app/woodpecker-ci/integration/README.md +++ b/cluster/prod/app/woodpecker-ci/integration/README.md @@ -38,8 +38,8 @@ apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docke ## Install the runner ```bash -wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/woodpecker-ci/integration/nix.conf -wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/woodpecker-ci/integration/docker-compose.yml +wget https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/raw/branch/main/cluster/prod/app/woodpecker-ci/integration/nix.conf +wget https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/raw/branch/main/cluster/prod/app/woodpecker-ci/integration/docker-compose.yml ``` Create a new Agent for your runner in the Woodpecker admin, and copy the agent secret value. diff --git a/cluster/staging/node/caribou.nix b/cluster/staging/node/caribou.nix index 80293e9..487c838 100644 --- a/cluster/staging/node/caribou.nix +++ b/cluster/staging/node/caribou.nix @@ -9,7 +9,7 @@ boot.loader.efi.canTouchEfiVariables = true; deuxfleurs.hostName = "caribou"; - deuxfleurs.staticIPv6.address = "2001:910:1204:1::23"; + deuxfleurs.staticIPv6.address = "2a01:e0a:2c:540::23"; deuxfleurs.isRaftServer = true; system.stateVersion = "21.05"; @@ -26,7 +26,7 @@ else fi if [ -z "$ROOT_PASS" ]; then - read -s -p "Enter remote sudo password: " ROOT_PASS + read -r -s -p "Enter remote sudo password: " ROOT_PASS echo fi @@ -37,11 +37,11 @@ function header { cat <<EOF cat > /tmp/deploytool_askpass_$RANDNAME <<EOG #!/usr/bin/env sh -echo "\\\$DEPLOYTOOL_ROOT_PASSWORD" +echo "\\\$DEPLOYTOOL_ROOT_PASSWORD" | base64 -d EOG chmod +x /tmp/deploytool_askpass_$RANDNAME export SUDO_ASKPASS=/tmp/deploytool_askpass_$RANDNAME -export DEPLOYTOOL_ROOT_PASSWORD="$ROOT_PASS" +export DEPLOYTOOL_ROOT_PASSWORD=$(echo $ROOT_PASS | base64) sudo -A sh - <<'EOEVERYTHING' set -e EOF @@ -7,7 +7,7 @@ set -xe cd $(dirname $0) CLUSTER="$1" -if [ ! -d "cluster/$CLUSTER" ]; then +if [ ! -d "cluster/$CLUSTER" ] || [ -z "$CLUSTER" ]; then echo "Usage: $0 <cluster name>" echo "The cluster name must be the name of a subdirectory of cluster/" exit 1 |