-rw-r--r-- | cluster/prod/app/core/deploy/diplonat.hcl | 1 | ||||
-rw-r--r-- | cluster/prod/app/garage/deploy/garage.hcl | 4 | ||||
-rw-r--r-- | cluster/prod/ssh_config | 2 | ||||
-rw-r--r-- | cluster/staging/app/core/deploy/d53.hcl | 22 | ||||
-rw-r--r-- | cluster/staging/app/core/deploy/diplonat.hcl | 21 | ||||
-rw-r--r-- | cluster/staging/ssh_config | 4 | ||||
-rwxr-xr-x | upgrade_nixos | 2 |
7 files changed, 32 insertions, 24 deletions
diff --git a/cluster/prod/app/core/deploy/diplonat.hcl b/cluster/prod/app/core/deploy/diplonat.hcl
index de8ff75..cf4844b 100644
--- a/cluster/prod/app/core/deploy/diplonat.hcl
+++ b/cluster/prod/app/core/deploy/diplonat.hcl
@@ -48,6 +48,7 @@ job "core-diplonat" {
 data = <<EOH
 DIPLONAT_REFRESH_TIME=60
 DIPLONAT_EXPIRATION_TIME=300
+DIPLONAT_STUN_SERVER=stun.l.google.com:19302
 DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
 DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501
 DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true
diff --git a/cluster/prod/app/garage/deploy/garage.hcl b/cluster/prod/app/garage/deploy/garage.hcl
index 81a22c3..f2a9347 100644
--- a/cluster/prod/app/garage/deploy/garage.hcl
+++ b/cluster/prod/app/garage/deploy/garage.hcl
@@ -1,5 +1,5 @@
 job "garage" {
- datacenters = ["neptune", "bespin", "scorpio", "corrin"]
+ datacenters = ["bespin", "scorpio", "corrin"]
 type = "system"
 priority = 80
@@ -44,7 +44,7 @@ job "garage" {
 template {
 data = file("../config/garage.toml")
 destination = "secrets/garage.toml"
- #change_mode = "noop"
+ change_mode = "noop"
 }
 template {
diff --git a/cluster/prod/ssh_config b/cluster/prod/ssh_config
index 8341a82..f63a335 100644
--- a/cluster/prod/ssh_config
+++ b/cluster/prod/ssh_config
@@ -1,4 +1,6 @@
 UserKnownHostsFile ./cluster/prod/known_hosts
+Host *
+ Port 110
 Host concombre
 HostName concombre.machine.deuxfleurs.fr
diff --git a/cluster/staging/app/core/deploy/d53.hcl b/cluster/staging/app/core/deploy/d53.hcl
index 42cb819..fd4a74c 100644
--- a/cluster/staging/app/core/deploy/d53.hcl
+++ b/cluster/staging/app/core/deploy/d53.hcl
@@ -7,13 +7,15 @@ job "core-d53" {
 count = 1
 task "d53" {
- driver = "nix2"
+ driver = "docker"
 config {
- packages = [
- "git+https://git.deuxfleurs.fr/lx/D53.git?ref=main&rev=477ac217a09e612f6e72da3d117eac278cca16b4"
+ image = "lxpz/amd64_d53:4"
+ network_mode = "host"
+ readonly_rootfs = true
+ volumes = [
+ "secrets:/etc/d53",
 ]
- command = "d53"
 }
 resources {
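Review bot: The added `DIPLONAT_STUN_SERVER=stun.l.google.com:19302` in cluster/prod/app/core/deploy/diplonat.hcl makes production depend on a third-party host, and nothing in the hunk says why or what the answer is trusted for. Plain STUN binding responses travel over UDP and are not authenticated, so whatever diplonat derives from the reply (presumably the node's public address) is only as trustworthy as that server and the network path to it. I would add a comment above the enclosing `template` block, e.g. `# External, unauthenticated STUN server: note what diplonat uses the answer for and how it behaves if the answer is wrong or missing`. The template block starts and ends outside the hunk.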
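Review bot: Enabling `change_mode = "noop"` on the template that renders `secrets/garage.toml` (second hunk of cluster/prod/app/garage/deploy/garage.hcl) means a re-rendered file no longer restarts or signals the task. If that file carries secret material, as its destination under `secrets/` suggests, a rotated value would be rewritten on disk while the running process presumably keeps the old one until someone restarts the allocation by hand. A comment next to the line would make the trade-off explicit, e.g. `# noop: config or secret changes need a manual restart to take effect`. The job block continues outside the hunk.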
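Review bot: `image = "lxpz/amd64_d53:4"` in cluster/staging/app/core/deploy/d53.hcl replaces a source reference pinned to a commit hash with a registry tag, and a tag can later be re-pushed to point at different content. Pinning by digest keeps the immutability the removed `rev=` line had: `image = "lxpz/amd64_d53:4@sha256:<digest-of-the-reviewed-image>"` (placeholder, to be filled in with the real digest). The same applies to `image = "lxpz/amd64_diplonat:7"` in the first hunk of cluster/staging/app/core/deploy/diplonat.hcl. The second hunk of this file shows the task receiving the Consul client key and the Gandi API key, so the image it runs is worth fixing to known content. The task block continues outside the hunk.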
@@ -30,25 +32,25 @@ job "core-d53" {
 template {
 data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
- destination = "etc/tricot/consul-ca.crt"
+ destination = "secrets/consul-ca.crt"
 }
 template {
 data = "{{ key \"secrets/consul/consul-client.crt\" }}"
- destination = "etc/tricot/consul-client.crt"
+ destination = "secrets/consul-client.crt"
 }
 template {
 data = "{{ key \"secrets/consul/consul-client.key\" }}"
- destination = "etc/tricot/consul-client.key"
+ destination = "secrets/consul-client.key"
 }
 template {
 data = <<EOH
 D53_CONSUL_HOST=https://localhost:8501
-D53_CONSUL_CA_CERT=/etc/tricot/consul-ca.crt
-D53_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
-D53_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
+D53_CONSUL_CA_CERT=/etc/d53/consul-ca.crt
+D53_CONSUL_CLIENT_CERT=/etc/d53/consul-client.crt
+D53_CONSUL_CLIENT_KEY=/etc/d53/consul-client.key
 D53_PROVIDERS=deuxfleurs.org:gandi
 D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
 D53_ALLOWED_DOMAINS=staging.deuxfleurs.org
diff --git a/cluster/staging/app/core/deploy/diplonat.hcl b/cluster/staging/app/core/deploy/diplonat.hcl
index b6a83aa..e7657ed 100644
--- a/cluster/staging/app/core/deploy/diplonat.hcl
+++ b/cluster/staging/app/core/deploy/diplonat.hcl
@@ -15,18 +15,17 @@ job "core-diplonat" {
 group "diplonat" {
 task "diplonat" {
- driver = "nix2"
+ driver = "docker"
 config {
- packages = [
- "#iptables",
- "#bash",
- "#coreutils",
- "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=843104dad73bfdebb674d3c3ec82af225c20c493"
+ image = "lxpz/amd64_diplonat:7"
+ network_mode = "host"
+ readonly_rootfs = true
+ privileged = true
+ volumes = [
+ "secrets:/etc/diplonat",
 ]
- command = "diplonat"
 }
- user = "root"
 restart {
 interval = "30m"
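Review bot: `privileged = true` together with `network_mode = "host"` in the `diplonat` task (first hunk of cluster/staging/app/core/deploy/diplonat.hcl) gives the container every capability and access to host devices, which is likely more than the task needs. The removed `"#iptables"` package suggests it manages firewall rules, for which a single capability is usually enough, so I would try `cap_add = ["net_admin"]` in place of `privileged = true` and confirm diplonat still works. That needs the capability listed in the Docker driver's `allow_caps` on the staging clients, but it avoids turning on `allow_privileged` there. The task block continues outside the hunk.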
@@ -37,17 +36,17 @@ job "core-diplonat" {
 template {
 data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
- destination = "etc/diplonat/consul-ca.crt"
+ destination = "secrets/consul-ca.crt"
 }
 template {
 data = "{{ key \"secrets/consul/consul-client.crt\" }}"
- destination = "etc/diplonat/consul-client.crt"
+ destination = "secrets/consul-client.crt"
 }
 template {
 data = "{{ key \"secrets/consul/consul-client.key\" }}"
- destination = "etc/diplonat/consul-client.key"
+ destination = "secrets/consul-client.key"
 }
 template {
diff --git a/cluster/staging/ssh_config b/cluster/staging/ssh_config
index e0e191a..dadd285 100644
--- a/cluster/staging/ssh_config
+++ b/cluster/staging/ssh_config
@@ -2,6 +2,10 @@ UserKnownHostsFile ./cluster/staging/known_hosts
 Host *
 Port 110
+Host caribou_v4
+ Port 2234
+ Hostname 78.192.88.164
+
 Host caribou
 HostName caribou.machine.staging.deuxfleurs.org
diff --git a/upgrade_nixos b/upgrade_nixos
index 221ff54..25a2347 100755
--- a/upgrade_nixos
+++ b/upgrade_nixos
@@ -1,7 +1,7 @@
 #!/usr/bin/env ./sshtool
 if [ "$CLUSTER" = "staging" ]; then
- cmd nix-channel --add https://nixos.org/channels/nixos-24.05 nixos
+ cmd nix-channel --add https://nixos.org/channels/nixos-24.11 nixos
 else
 cmd nix-channel --add https://nixos.org/channels/nixos-24.05 nixos
 fi |
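Review bot: The new `Host caribou_v4` block in cluster/staging/ssh_config sits after `Host *` / `Port 110`, and ssh_config uses the first value obtained for each option, so `Port 2234` is ignored and connections to caribou_v4 would go to port 110 (assuming sshtool hands this file to OpenSSH unchanged). Moving the `Host *` block to the end of the file, or the `Host caribou_v4` block above it, lets the per-host port take effect. The hunk in cluster/prod/ssh_config adds `Host *` at the top as well, so any per-host `Port` added there later would be shadowed in the same way. Since `Hostname` is a bare IP address, the entry also needs its own line in `./cluster/staging/known_hosts`, or a `HostKeyAlias` pointing at the existing caribou entry, so that the host key is verified rather than accepted on first use.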