diff options
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 29 |
1 files changed, 0 insertions, 29 deletions
@@ -58,35 +58,6 @@ To upgrade NixOS, use the `./upgrade_nixos` script instead (it has the same synt **When adding a node to the cluster:** just do `./deploy_nixos <cluster_name> <name_of_new_node>` -### Deploying Wesher - -We use Wesher to provide an encrypted overlay network between nodes in the cluster. -This is usefull in particular for securing services that are not able to do mTLS, -but as a security-in-depth measure, we make all traffic go through Wesher even when -TLS is done correctly. It is thus mandatory to have a working Wesher installation -in the cluster for it to run correctly. - -First, if no Wesher shared secret key has been generated for this cluster yet, -generate it with: - -``` -./gen_wesher_key <cluster_name> -``` - -This key will be stored in `pass`, so you must have a working `pass` installation -for this script to run correctly. - -Then, deploy the key on all nodes with: - -``` -./deploy_wesher_key <cluster_name> -``` - -This should be done after `./deploy_nixos` has run successfully on all nodes. -You should now have a working Wesher network between all your nodes! - -**When adding a node to the cluster:** just do `./deploy_wesher_key <cluster_name> <name_of_new_node>` - ### Generating and deploying a PKI for Consul and Nomad This is very similar to how we do for Wesher. |