diff --git a/krops.nix b/krops.nix index 351034b..24f6566 100644 --- a/krops.nix +++ b/krops.nix @@ -29,7 +29,7 @@ let inherit target; }; }; in {} -// mkDeploy "core-services-01" "root@core01.rz.ens.wtf" +// mkDeploy "core-services-01" "root@10.1.1.20" // mkDeploy "remote-builder-01" "root@nix01.builders.rz.ens.wtf" -// mkDeploy "public-cof" "root@beta.rz.ens.wtf" +// mkDeploy "public-cof" "root@minecraft.beta.rz.ens.wtf" // mkTestsConfig [ "core-services-01" "remote-builder-01" "public-cof" ] diff --git a/machines/core-services-01/monitoring.nix b/machines/core-services-01/monitoring.nix index b355179..6149d24 100644 --- a/machines/core-services-01/monitoring.nix +++ b/machines/core-services-01/monitoring.nix @@ -19,7 +19,7 @@ in text = '' [global] page cache size = 32 - dbengine multihost disk space = 4096 + dbengine multihost disk space = 8192 ''; }; @@ -28,12 +28,20 @@ in group = "netdata"; mode = "0600"; text = '' + # pve01 hypervisor [e245097d-bf52-4f66-9c10-984e8d5ee178] enabled = yes - default history = 5000 + default history = 10000 default memory mode = dbengine health enabled by default = auto allow from = 10.1.1.10 + # public-cof server + [c48e6ef1-5cdf-408d-ae2f-86aadb14e3fe] + enabled = yes + default history = 10000 + default memory mode = dbengine + health enabled by default = auto + allow from = 10.1.1.21 ''; }; diff --git a/machines/core-services-01/secrets/dexGiteaClientSecret.age b/machines/core-services-01/secrets/dexGiteaClientSecret.age index 41ffd35..daef2a2 100644 Binary files a/machines/core-services-01/secrets/dexGiteaClientSecret.age and b/machines/core-services-01/secrets/dexGiteaClientSecret.age differ diff --git a/machines/core-services-01/secrets/droneKeyFile.age b/machines/core-services-01/secrets/droneKeyFile.age index 00703c2..2c12d70 100644 Binary files a/machines/core-services-01/secrets/droneKeyFile.age and b/machines/core-services-01/secrets/droneKeyFile.age differ diff --git a/machines/core-services-01/secrets/keycloakDatabasePasswordFile.age b/machines/core-services-01/secrets/keycloakDatabasePasswordFile.age index 4a352ab..2007cba 100644 --- a/machines/core-services-01/secrets/keycloakDatabasePasswordFile.age +++ b/machines/core-services-01/secrets/keycloakDatabasePasswordFile.age @@ -1,26 +1,26 @@ age-encryption.org/v1 --> ssh-ed25519 lHr4YQ FHOLoe1idBzwzFB5v1UqrVIgIjmyVMqhC60F+7bsslY -+4jeqlOONU712hstLOOU59dHgx48CB3+Z4xn1faH8Q0 --> ssh-ed25519 Wu8JLQ hqwTH7IVS1GTep9tNy6vrUUVtPcVXBxDnJj77S+l/Ek -gmnQhE5wnxQgEhyE18RKKemMQr4ewtRkQRt0bJo8O7Y --> ssh-ed25519 cvTB5g bw+GZVk23ok4lgUF86PqTkZOM7BPNY7foMYYMZSEemU -6BAoCmLYb1oJwPPW3X2AaS3ZOttSxAykOeKIJM/03+k --> ssh-ed25519 /vwQcQ Kqg5WdWhAuxCxMgWPpXWk77utvbIbBdcZXNSOF+a938 -4361sLVjBWOoWqTl7sIktNiulSU4gHnD2Q5gjDkZ2po --> ssh-ed25519 reTIKw abLB9hwppWQhlkAHx3AiFgePvigajethU03CjTu6SUg -sueQMp1LPmF4h1EPsyGrSDH6RoXVXoWm1i3OISZlyPw --> ssh-ed25519 85WiGg T6amGqzBiF7BLhnhPrz8BCu/NDikWBDnRv+UL2Y8mXs -xghk5e+D3O4rX4FT4TNu/bowSj7HCn3Wi4E6F7pseiw +-> ssh-ed25519 lHr4YQ S/Kuy8PdLoLLRDvlDDyuDaGXGb0RMBJKo9XyHK2I0Bg +VFjemRE9hOc/fEol+2OAjM6d/5QLPeeo0ytdgcwa8Zs +-> ssh-ed25519 h6AgbA ParmcGdbVHdvihrEuV+nLBLDnTwKR+zoxc/O0LdrUhA +L1kL6sr4ak1DTTaui9k6tpPJ1p86bKAoOcPwCJu7vr0 +-> ssh-ed25519 Wu8JLQ hTPuIn+IogmX6U16p3EQ/9C/L+X7dZaQaBrEAdq4twM +QhnuGbpuqpFFujNlXSDUDMEGHK875Sr5hHX/q2ShkhU +-> ssh-ed25519 cvTB5g P8av9KTsR9ccIRPz0TABQF3EfeO+cyn+Od+shxeatEk +GnExLTBOicvRs7neFPL/GLxE6hqpdqNV8P4nWRbMjKU +-> ssh-ed25519 /vwQcQ WE0fxso39H7ZyYwJ8eNnmrLgf0xL5AdpHZ1mrvbiPyQ +y4GjFZuYtiGg6cY8ZTOKHbYjjFJoFI5W4IF7np/OB/8 +-> ssh-ed25519 reTIKw LxM4ihcAb5u6rKqtrOUZ7/4XXoMVbf/HHhby/i9Xbn4 +O8KkO/99T2lBttsADSTJE/18ljFrUjrJWhK7peehei8 +-> ssh-ed25519 85WiGg +GtCSdOR7TTwu+zTvwOoRhOE0iLwB7JuFaZkP8cP+Fk +0GCjcBgOPeynvAUDmEioWPJMhZWGchKKukGGXHCBEUU -> ssh-rsa krWCLQ -KDsZM/5myCVtb7RL9Mo1F2WUKzBPhwillBvrIONZKH0dh3mCMjeVfyYTto1NxKxp -GsvYltgLbDggo3ittwQedB9s/JXL5z0+f3DroKVJzw82ti6w3SMpvKiCR2x+5DjH -D4Wzt/CQFujxAMOghKQGlFuCM6nVkpmL9ucgUPEp7ApbNWuc4patJgLpvkE0yj7X -Q4ScTPg86Oh5RFf4Qwa3QhG7IdnIoSSJxK+rK5qZb2vPST9zc2OKZKQXOh2h6hBy -tEAhRYBTu6oqprwYlEWL7dCsbBeHjLmBE6Zvovp51PizZhzub1jCh/fuka1VTFSq -f1oWAdTS3Ow5gXWKoH5TkQ --> +_u~Wjak-grease cU8 ?4 8Y(inxl+ -h+7nxip00iflkCYBX2HvbHYc0SjsLvn4WVYUPzhDGjyauwARfA5zCfuIbGnEcxzF -FOWG9QQzr90JDCkonUjGTJ3N+ykLpiYCvLDJgXZB4MVEONyutwM ---- dZ6ca/xXQAOh82oeOyV/EkjTzK+oUj0YgzGTqyzJ8Rs -a OvF⌞ʛ -JFjj+ \ No newline at end of file +bSk43qTcHFgrS7AeXTzUbx5FO/1YrLuRlm58lcXpTTKcRMZWKmFbPTVNdIvkT4xt +B6HW0OqV/Ks1pbeJUCPRdLwYHYULEC4quRGlgeToXoUQ8zCvcPT6uikpK0Hzne7e +WI5MLdS3vvAPljlSSaPN8gb3yiPgA2IPrHjqIsMNkotGFjUQ/oIyJ8YcDsSfGE2T +Z8+TOj4ZNxPda2hX7mL2x2dJmmQW5FkOVtSpSyvwpkOqPOi6b5vZaWu/GtXzGEhD +SD6SALiqmWkCHb8n588XDqKj8Lj/741R24f8IM8qW9cBz4QClh3Bnrl4gendsUCp +PkQPjniidi/aF6sHhfrSNg +-> |#4-grease y%'e^I RB nBNinf \dob +L2HkuH7S3KtuQN9AWLBL99nJPxVw +--- +QOdyAz8FR0RecYvvkzxv2IzJ9yt89/xePALK3l7sjs +&,NpJ~ ƅ˜*,؆5:i W}m"Q-FJm \ No newline at end of file diff --git a/machines/core-services-01/secrets/oauth2ProxyKeyFile.age b/machines/core-services-01/secrets/oauth2ProxyKeyFile.age index eb729b2..a62c1af 100644 Binary files a/machines/core-services-01/secrets/oauth2ProxyKeyFile.age and b/machines/core-services-01/secrets/oauth2ProxyKeyFile.age differ diff --git a/machines/core-services-01/secrets/secrets.nix b/machines/core-services-01/secrets/secrets.nix index 013b959..9fa8644 100644 --- a/machines/core-services-01/secrets/secrets.nix +++ b/machines/core-services-01/secrets/secrets.nix @@ -2,7 +2,7 @@ let pkgs = import {}; lib = pkgs.lib; readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../pubkeys + "/${user}.keys"))); - superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd"); + superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd") ++ (readPubkeys "mrf"); core-services-01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrnZxP4OUGDzd1uykMghzFNLH0Fg42hH+0qxif6O6oU"; systems = [ core-services-01 ]; in