Diffstat (limited to 'cluster/prod')
-rw-r--r--cluster/prod/app/garage/deploy/garage.hcl74
-rw-r--r--cluster/prod/cluster.nix18
-rw-r--r--cluster/prod/known_hosts3
-rw-r--r--cluster/prod/node/io.nix11
l---------cluster/prod/node/io.site.nix1
-rw-r--r--cluster/prod/node/onion.nix12
l---------cluster/prod/node/onion.site.nix1
-rw-r--r--cluster/prod/node/oseille.nix12
l---------cluster/prod/node/oseille.site.nix1
-rw-r--r--cluster/prod/site/dathomir.nix7
-rw-r--r--cluster/prod/ssh_config30
11 files changed, 122 insertions, 48 deletions
diff --git a/cluster/prod/app/garage/deploy/garage.hcl b/cluster/prod/app/garage/deploy/garage.hcl
index b6ea7f6..68edc94 100644
--- a/cluster/prod/app/garage/deploy/garage.hcl
+++ b/cluster/prod/app/garage/deploy/garage.hcl
@@ -80,9 +80,9 @@ job "garage" {
#### Configuration for service ports: admin port (internal use only)
service {
+ name = "garage-admin"
port = "admin"
address_mode = "host"
- name = "garage-admin"
# Check that Garage is alive and answering TCP connections
check {
type = "tcp"
@@ -96,18 +96,19 @@ job "garage" {
}
}
- #### Configuration for service ports: externally available ports (API, web)
+ #### Configuration for service ports: externally available ports (S3 API, K2V, web)
service {
+ name = "garage-api"
tags = [
"garage_api",
"tricot garage.deuxfleurs.fr",
"tricot *.garage.deuxfleurs.fr",
+ "tricot-on-demand-tls-ask http://garage-admin.service.prod.consul:3903/check",
"tricot-site-lb",
]
port = "s3"
address_mode = "host"
- name = "garage-api"
# Check 1: Garage is alive and answering TCP connections
check {
name = "garage-api-live"
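Review bot: The new `tricot-on-demand-tls-ask` tag hard-codes port `3903` in its URL, while the `garage-admin` service in the same job refers to that port only by its label `admin`. The port's definition is outside this hunk, so if it ever changes, the ask URL would go stale without any error in this file. I would add a comment above the tag, for example `# on-demand TLS: tricot asks Garage's admin API before requesting a certificate; 3903 must match the "admin" port`. It is also worth confirming that tricot refuses issuance when this endpoint is unreachable, since the check is presumably what limits which hostnames under the wildcard can trigger certificate requests.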
@@ -132,6 +133,39 @@ job "garage" {
}
service {
+ name = "garage-k2v"
+ tags = [
+ "garage_k2v",
+ "tricot k2v.deuxfleurs.fr",
+ "tricot-site-lb",
+ ]
+ port = "k2v"
+ address_mode = "host"
+ # Check 1: Garage is alive and answering TCP connections
+ check {
+ name = "garage-k2v-live"
+ type = "tcp"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ # Check 2: Garage is in a healthy state and requests should be routed here
+ check {
+ name = "garage-k2v-healthy"
+ port = "admin"
+ type = "http"
+ path = "/health"
+ interval = "60s"
+ timeout = "5s"
+ }
+ }
+
+ service {
+ name = "garage-web"
tags = [
"garage-web",
"tricot * 1",
@@ -144,7 +178,6 @@ job "garage" {
]
port = "web"
address_mode = "host"
- name = "garage-web"
# Check 1: Garage is alive and answering TCP connections
check {
name = "garage-web-live"
@@ -183,39 +216,6 @@ job "garage" {
port = "web"
on_update = "ignore"
}
-
-
- service {
- tags = [
- "garage_k2v",
- "tricot k2v.deuxfleurs.fr",
- "tricot-site-lb",
- ]
- port = "k2v"
- address_mode = "host"
- name = "garage-k2v"
- # Check 1: Garage is alive and answering TCP connections
- check {
- name = "garage-k2v-live"
- type = "tcp"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- # Check 2: Garage is in a healthy state and requests should be routed here
- check {
- name = "garage-k2v-healthy"
- port = "admin"
- type = "http"
- path = "/health"
- interval = "60s"
- timeout = "5s"
- }
- }
}
}
}
diff --git a/cluster/prod/cluster.nix b/cluster/prod/cluster.nix
index 4b9b41a..c5008e6 100644
--- a/cluster/prod/cluster.nix
+++ b/cluster/prod/cluster.nix
@@ -75,6 +75,24 @@
address = "10.83.4.2";
endpoint = "82.65.41.110:33742";
};
+ "onion" = {
+ siteName = "dathomir";
+ publicKey = "gpeqalqAUaYlMuebv3glQeZyE64+OpkyIHFhfStJQA4=";
+ address = "10.83.5.1";
+ endpoint = "82.64.238.84:33740";
+ };
+ "oseille" = {
+ siteName = "dathomir";
+ publicKey = "T87GzAQt02i00iOMbEm7McA/VL9OBrG/kCrgoNh5MmY=";
+ address = "10.83.5.2";
+ endpoint = "82.64.238.84:33741";
+ };
+ "io" = {
+ siteName = "dathomir";
+ publicKey = "3+VvWJtABOAd6zUCMROhqGbNtkQRtoIkVmYn0M81jQw=";
+ address = "10.83.5.3";
+ endpoint = "82.64.238.84:33742";
+ };
};
# Pin Nomad version
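Review bot: The three new peers repeat the literal `82.64.238.84`, which site/dathomir.nix in this commit also sets as `deuxfleurs.publicIPv4`, so the site's address now lives in four places that must be changed together. The entries differ only by port (33740–33742), which suggests per-node forwarding on the site router, though that is not shown here. A comment above `"onion"` would record the dependency, for example `# dathomir: one public IPv4, WireGuard port forwarded per node by the site router`. The enclosing attribute set starts outside the hunk.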
diff --git a/cluster/prod/known_hosts b/cluster/prod/known_hosts
index 1c80749..3b6bf7f 100644
--- a/cluster/prod/known_hosts
+++ b/cluster/prod/known_hosts
@@ -9,3 +9,6 @@ concombre.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkC
courgette.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G
abricot.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhHUQtc5lukPMFkiWf/sTgaUpwNFXHCJoQKu4ooRFy+
ananas.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHs0zAyBy70oyV56qaMaMAKR7VjEDnsm5LEyZJbM95BL
+onion.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjBQ67fxwuDDzRPveTko/Sgf0cev3tIvlr3CfAmhF0C
+oseille.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAgQdQ5UVFFn+DXN90ut9+V7NtEopQJnES3r8soKTZW4
+io.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIvgCJ7Jew7ou1RZuaT41Sd+ucZAgxUwtdieqNqoC3+T
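Review bot: The commit does not say how the three new ed25519 host keys were obtained, and this file is what `UserKnownHostsFile` in cluster/prod/ssh_config makes every operator trust. If they were collected over the network, they are trust-on-first-use values. I would note in the commit description that each fingerprint was compared with the output of `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` read on the machine itself.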
diff --git a/cluster/prod/node/io.nix b/cluster/prod/node/io.nix
new file mode 100644
index 0000000..e6d3c3a
--- /dev/null
+++ b/cluster/prod/node/io.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda";
+
+ services.openssh.ports = [ 22 33603 ];
+
+ deuxfleurs.hostName = "io";
+ deuxfleurs.staticIPv4.address = "192.168.1.36";
+ deuxfleurs.staticIPv6.address = "2a01:e0a:5e4:1d0:52e5:49ff:fe5c:5f35";
+}
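Review bot: `boot.loader.grub.device = "/dev/sda"` relies on kernel device enumeration order, which can change when a disk is added or a USB device is present at boot. GRUB could then be installed to the wrong disk on a later rebuild. A stable path is safer, e.g. `boot.loader.grub.device = "/dev/disk/by-id/<disk-id>";` with the real id of this machine's boot disk. A short comment on `services.openssh.ports` saying what the second port `33603` is for would also help; onion.nix and oseille.nix have the same undocumented pair with `33601` and `33602`.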
diff --git a/cluster/prod/node/io.site.nix b/cluster/prod/node/io.site.nix
new file mode 120000
index 0000000..5e41391
--- /dev/null
+++ b/cluster/prod/node/io.site.nix
@@ -0,0 +1 @@
+../site/dathomir.nix \ No newline at end of file
diff --git a/cluster/prod/node/onion.nix b/cluster/prod/node/onion.nix
new file mode 100644
index 0000000..8b6f8d6
--- /dev/null
+++ b/cluster/prod/node/onion.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.timeout = 20;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ services.openssh.ports = [ 22 33601 ];
+
+ deuxfleurs.hostName = "onion";
+ deuxfleurs.staticIPv4.address = "192.168.1.34";
+ deuxfleurs.staticIPv6.address = "2a01:e0a:5e4:1d0:223:24ff:feb0:e866";
+}
diff --git a/cluster/prod/node/onion.site.nix b/cluster/prod/node/onion.site.nix
new file mode 120000
index 0000000..5e41391
--- /dev/null
+++ b/cluster/prod/node/onion.site.nix
@@ -0,0 +1 @@
+../site/dathomir.nix \ No newline at end of file
diff --git a/cluster/prod/node/oseille.nix b/cluster/prod/node/oseille.nix
new file mode 100644
index 0000000..b0f7723
--- /dev/null
+++ b/cluster/prod/node/oseille.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.timeout = 20;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ services.openssh.ports = [ 22 33602 ];
+
+ deuxfleurs.hostName = "oseille";
+ deuxfleurs.staticIPv4.address = "192.168.1.35";
+ deuxfleurs.staticIPv6.address = "2a01:e0a:5e4:1d0:223:24ff:feaf:f90b";
+}
diff --git a/cluster/prod/node/oseille.site.nix b/cluster/prod/node/oseille.site.nix
new file mode 120000
index 0000000..5e41391
--- /dev/null
+++ b/cluster/prod/node/oseille.site.nix
@@ -0,0 +1 @@
+../site/dathomir.nix \ No newline at end of file
diff --git a/cluster/prod/site/dathomir.nix b/cluster/prod/site/dathomir.nix
new file mode 100644
index 0000000..87d9b56
--- /dev/null
+++ b/cluster/prod/site/dathomir.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ deuxfleurs.siteName = "dathomir";
+ deuxfleurs.cnameTarget = "dathomir.site.deuxfleurs.fr";
+ deuxfleurs.publicIPv4 = "82.64.238.84";
+ deuxfleurs.staticIPv4.defaultGateway = "192.168.1.1";
+}
diff --git a/cluster/prod/ssh_config b/cluster/prod/ssh_config
index 37b8953..d7aeafd 100644
--- a/cluster/prod/ssh_config
+++ b/cluster/prod/ssh_config
@@ -1,35 +1,43 @@
UserKnownHostsFile ./cluster/prod/known_hosts
Host concombre
- HostName concombre.machine.deuxfleurs.fr
+ HostName concombre.machine.deuxfleurs.fr
Host courgette
- HostName courgette.machine.deuxfleurs.fr
+ HostName courgette.machine.deuxfleurs.fr
Host celeri
- HostName celeri.machine.deuxfleurs.fr
+ HostName celeri.machine.deuxfleurs.fr
Host dahlia
- HostName dahlia.machine.deuxfleurs.fr
+ HostName dahlia.machine.deuxfleurs.fr
Host diplotaxis
- HostName diplotaxis.machine.deuxfleurs.fr
+ HostName diplotaxis.machine.deuxfleurs.fr
Host doradille
- HostName doradille.machine.deuxfleurs.fr
+ HostName doradille.machine.deuxfleurs.fr
Host df-ykl
- HostName df-ykl.machine.deuxfleurs.fr
+ HostName df-ykl.machine.deuxfleurs.fr
Host df-ymf
- HostName df-ymf.machine.deuxfleurs.fr
+ HostName df-ymf.machine.deuxfleurs.fr
Host df-ymk
- HostName df-ymk.machine.deuxfleurs.fr
+ HostName df-ymk.machine.deuxfleurs.fr
Host abricot
- HostName abricot.machine.deuxfleurs.fr
+ HostName abricot.machine.deuxfleurs.fr
Host ananas
- HostName ananas.machine.deuxfleurs.fr
+ HostName ananas.machine.deuxfleurs.fr
+Host onion
+ HostName onion.machine.deuxfleurs.fr
+
+Host oseille
+ HostName oseille.machine.deuxfleurs.fr
+
+Host io
+ HostName io.machine.deuxfleurs.fr
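Review bot: The new `Host onion`, `Host oseille` and `Host io` entries set no `Port`, so ssh will use 22 for all three. The node files in this commit make sshd listen on 22 plus 33601/33602/33603, and site/dathomir.nix gives the site a single public IPv4. If those high ports are the router forwards (not visible here), a client connecting over IPv4 cannot reach three different machines on port 22. Adding `Port 33601`, `Port 33602` and `Port 33603` under the respective hosts would work on either address family, since each node listens on its high port itself; otherwise a comment stating that these hosts are reached over IPv6 would do. The rest of the hunk only changes whitespace.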