Klub-RZ/infrastructure
4
0
Fork 0
Code Issues 7 Pull requests Projects Releases Packages Wiki Activity

core01: rekey with MrF, add pve01 hypervisor monitoring

Browse source
This commit is contained in:
Raito Bezarius 2022-02-22 23:25:46 +01:00
parent e290a918a0
commit 075cd90fb7
7 changed files with 37 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
krops.nix
View file

@ -29,7 +29,7 @@ let
inherit target; inherit target;
}; }; }; };
in {} in {}
// mkDeploy "core-services-01" "root@core01.rz.ens.wtf" // mkDeploy "core-services-01" "root@10.1.1.20"
// mkDeploy "remote-builder-01" "root@nix01.builders.rz.ens.wtf" // mkDeploy "remote-builder-01" "root@nix01.builders.rz.ens.wtf"
// mkDeploy "public-cof" "root@beta.rz.ens.wtf" // mkDeploy "public-cof" "root@minecraft.beta.rz.ens.wtf"
// mkTestsConfig [ "core-services-01" "remote-builder-01" "public-cof" ] // mkTestsConfig [ "core-services-01" "remote-builder-01" "public-cof" ]

12
machines/core-services-01/monitoring.nix
View file

@ -19,7 +19,7 @@ in
text = '' text = ''
[global] [global]
page cache size = 32 page cache size = 32
dbengine multihost disk space = 4096 dbengine multihost disk space = 8192
''; '';
}; };
@ -28,12 +28,20 @@ in
group = "netdata"; group = "netdata";
mode = "0600"; mode = "0600";
text = '' text = ''
# pve01 hypervisor
[e245097d-bf52-4f66-9c10-984e8d5ee178] [e245097d-bf52-4f66-9c10-984e8d5ee178]
enabled = yes enabled = yes
default history = 5000 default history = 10000
default memory mode = dbengine default memory mode = dbengine
health enabled by default = auto health enabled by default = auto
allow from = 10.1.1.10 allow from = 10.1.1.10
# public-cof server
[c48e6ef1-5cdf-408d-ae2f-86aadb14e3fe]
enabled = yes
default history = 10000
default memory mode = dbengine
health enabled by default = auto
allow from = 10.1.1.21
''; '';
}; };

BIN
machines/core-services-01/secrets/dexGiteaClientSecret.age
View file

Binary file not shown.

BIN
machines/core-services-01/secrets/droneKeyFile.age
View file

Binary file not shown.

48
machines/core-services-01/secrets/keycloakDatabasePasswordFile.age
View file

@ -1,26 +1,26 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 lHr4YQ FHOLoe1idBzwzFB5v1UqrVIgIjmyVMqhC60F+7bsslY -> ssh-ed25519 lHr4YQ S/Kuy8PdLoLLRDvlDDyuDaGXGb0RMBJKo9XyHK2I0Bg
+4jeqlOONU712hstLOOU59dHgx48CB3+Z4xn1faH8Q0 VFjemRE9hOc/fEol+2OAjM6d/5QLPeeo0ytdgcwa8Zs
-> ssh-ed25519 Wu8JLQ hqwTH7IVS1GTep9tNy6vrUUVtPcVXBxDnJj77S+l/Ek -> ssh-ed25519 h6AgbA ParmcGdbVHdvihrEuV+nLBLDnTwKR+zoxc/O0LdrUhA
gmnQhE5wnxQgEhyE18RKKemMQr4ewtRkQRt0bJo8O7Y L1kL6sr4ak1DTTaui9k6tpPJ1p86bKAoOcPwCJu7vr0
-> ssh-ed25519 cvTB5g bw+GZVk23ok4lgUF86PqTkZOM7BPNY7foMYYMZSEemU -> ssh-ed25519 Wu8JLQ hTPuIn+IogmX6U16p3EQ/9C/L+X7dZaQaBrEAdq4twM
6BAoCmLYb1oJwPPW3X2AaS3ZOttSxAykOeKIJM/03+k QhnuGbpuqpFFujNlXSDUDMEGHK875Sr5hHX/q2ShkhU
-> ssh-ed25519 /vwQcQ Kqg5WdWhAuxCxMgWPpXWk77utvbIbBdcZXNSOF+a938 -> ssh-ed25519 cvTB5g P8av9KTsR9ccIRPz0TABQF3EfeO+cyn+Od+shxeatEk
4361sLVjBWOoWqTl7sIktNiulSU4gHnD2Q5gjDkZ2po GnExLTBOicvRs7neFPL/GLxE6hqpdqNV8P4nWRbMjKU
-> ssh-ed25519 reTIKw abLB9hwppWQhlkAHx3AiFgePvigajethU03CjTu6SUg -> ssh-ed25519 /vwQcQ WE0fxso39H7ZyYwJ8eNnmrLgf0xL5AdpHZ1mrvbiPyQ
sueQMp1LPmF4h1EPsyGrSDH6RoXVXoWm1i3OISZlyPw y4GjFZuYtiGg6cY8ZTOKHbYjjFJoFI5W4IF7np/OB/8
-> ssh-ed25519 85WiGg T6amGqzBiF7BLhnhPrz8BCu/NDikWBDnRv+UL2Y8mXs -> ssh-ed25519 reTIKw LxM4ihcAb5u6rKqtrOUZ7/4XXoMVbf/HHhby/i9Xbn4
xghk5e+D3O4rX4FT4TNu/bowSj7HCn3Wi4E6F7pseiw O8KkO/99T2lBttsADSTJE/18ljFrUjrJWhK7peehei8
-> ssh-ed25519 85WiGg +GtCSdOR7TTwu+zTvwOoRhOE0iLwB7JuFaZkP8cP+Fk
0GCjcBgOPeynvAUDmEioWPJMhZWGchKKukGGXHCBEUU
-> ssh-rsa krWCLQ -> ssh-rsa krWCLQ
KDsZM/5myCVtb7RL9Mo1F2WUKzBPhwillBvrIONZKH0dh3mCMjeVfyYTto1NxKxp bSk43qTcHFgrS7AeXTzUbx5FO/1YrLuRlm58lcXpTTKcRMZWKmFbPTVNdIvkT4xt
GsvYltgLbDggo3ittwQedB9s/JXL5z0+f3DroKVJzw82ti6w3SMpvKiCR2x+5DjH B6HW0OqV/Ks1pbeJUCPRdLwYHYULEC4quRGlgeToXoUQ8zCvcPT6uikpK0Hzne7e
D4Wzt/CQFujxAMOghKQGlFuCM6nVkpmL9ucgUPEp7ApbNWuc4patJgLpvkE0yj7X WI5MLdS3vvAPljlSSaPN8gb3yiPgA2IPrHjqIsMNkotGFjUQ/oIyJ8YcDsSfGE2T
Q4ScTPg86Oh5RFf4Qwa3QhG7IdnIoSSJxK+rK5qZb2vPST9zc2OKZKQXOh2h6hBy Z8+TOj4ZNxPda2hX7mL2x2dJmmQW5FkOVtSpSyvwpkOqPOi6b5vZaWu/GtXzGEhD
tEAhRYBTu6oqprwYlEWL7dCsbBeHjLmBE6Zvovp51PizZhzub1jCh/fuka1VTFSq SD6SALiqmWkCHb8n588XDqKj8Lj/741R24f8IM8qW9cBz4QClh3Bnrl4gendsUCp
f1oWAdTS3Ow5gXWKoH5TkQ PkQPjniidi/aF6sHhfrSNg
-> +_u~Wjak-grease cU8 ?4 8Y(inxl+ -> |#4-grease y%'e^I RB nBNinf \dob
h+7nxip00iflkCYBX2HvbHYc0SjsLvn4WVYUPzhDGjyauwARfA5zCfuIbGnEcxzF L2HkuH7S3KtuQN9AWLBL99nJPxVw
FOWG9QQzr90JDCkonUjGTJ3N+ykLpiYCvLDJgXZB4MVEONyutwM --- +QOdyAz8FR0RecYvvkzxv2IzJ9yt89/xePALK3l7sjs
--- dZ6ca/xXQAOh82oeOyV/EkjTzK+oUj0YgzGTqyzJ8Rs ¥&,ÙN—pJ<70>î~ê ƅߘ*,؆5:i W}Žÿm"„Q¦-FJm
a™éæ OvF·âŒžúÞñÃúÓÊ
¤¦ÄÃJF¾»ÈÐßjëjŒ+

BIN
machines/core-services-01/secrets/oauth2ProxyKeyFile.age
View file

Binary file not shown.

2
machines/core-services-01/secrets/secrets.nix
View file

@ -2,7 +2,7 @@ let
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> {};
lib = pkgs.lib; lib = pkgs.lib;
readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../pubkeys + "/${user}.keys"))); readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../pubkeys + "/${user}.keys")));
superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd"); superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd") ++ (readPubkeys "mrf");
core-services-01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrnZxP4OUGDzd1uykMghzFNLH0Fg42hH+0qxif6O6oU"; core-services-01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrnZxP4OUGDzd1uykMghzFNLH0Fg42hH+0qxif6O6oU";
systems = [ core-services-01 ]; systems = [ core-services-01 ];
in in