From 20909aa8dac940c031fd69e6b51c9802d313aa9a Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Sat, 12 Jun 2021 11:46:35 +0200 Subject: [PATCH] Misc updates to stokes --- clusters/stokes/cluster.nix | 3 ++- clusters/stokes/default.nix | 22 ++++++++++++++++++++++ clusters/stokes/users.nix | 25 ++++++++++++++++++++++++- scripts/restart-kubernetes.sh | 2 +- 4 files changed, 49 insertions(+), 3 deletions(-) diff --git a/clusters/stokes/cluster.nix b/clusters/stokes/cluster.nix index 334fec7..dbdda37 100644 --- a/clusters/stokes/cluster.nix +++ b/clusters/stokes/cluster.nix @@ -171,7 +171,8 @@ let uid=`id -u` port=$((9000+$uid)) shell=`getent passwd $(id -un) | awk -F : '{print $NF}'` - vnc=${pkgs.tigervnc}/bin/vncserver + # vnc=${pkgs.tigervnc}/bin/vncserver + vnc=/nix/store/czp2b60dwk75widi8y287hr0xx1wgv2a-tigervnc-1.10.1/bin/vncserver case $1 in -p|--port) shift; port=$1 ;; diff --git a/clusters/stokes/default.nix b/clusters/stokes/default.nix index a4b393a..b9d72f7 100644 --- a/clusters/stokes/default.nix +++ b/clusters/stokes/default.nix @@ -46,6 +46,7 @@ let webUI.allow = [ "10.1.2.0/24" "172.19.254.0/24" + "172.19.255.0/24" ]; infiniband-exporter = { enable = true; @@ -140,6 +141,27 @@ let smtp_from = "noreply@stokes.regnekraft.io"; }; + services.nginx = { + virtualHosts = { + "ds.matnoc.regnekraft.io" = { + forceSSL = true; + enableACME = true; + serverAliases = []; + locations."/" = { + proxyPass = "http://127.0.0.1:9088"; + proxyWebsockets = false; + extraConfig = '' + allow 10.1.2.0/24; + allow 172.19.254.0/24; + allow 172.19.255.0/24; + deny all; + ''; + }; + }; + }; + }; + + imports = [ ./cluster.nix ./hw/frontend.nix ]; }; diff --git a/clusters/stokes/users.nix b/clusters/stokes/users.nix index f960a4b..0643170 100644 --- a/clusters/stokes/users.nix +++ b/clusters/stokes/users.nix @@ -14,6 +14,7 @@ ovanov = { gid = 1009; }; bast = { gid = 1010; }; marius = { gid = 1011; }; + michael = { gid = 1012; }; # @grp@ sif = { 
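Review bot: The literal `/nix/store/czp2b60dwk75widi8y287hr0xx1wgv2a-tigervnc-1.10.1/bin/vncserver` in clusters/stokes/cluster.nix is a plain string, so Nix will not add that path to the system closure, and it can be garbage-collected or missing on a freshly built host. It also freezes vncserver at 1.10.1 outside the normal nixpkgs update path, so later tigervnc fixes never reach this script. If this script is a Nix string, as the old interpolation suggests, the commented-out `# vnc=${pkgs.tigervnc}/bin/vncserver` is still evaluated and keeps the current tigervnc in the closure without using it. If 1.10.1 is required, pin it as a derivation (an overlay or a pinned nixpkgs import), keep the interpolation, and replace the commented-out line with a reason, e.g. `# tigervnc pinned to 1.10.1: <reason>; revisit when <condition>`. The surrounding script starts and ends outside the hunk.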
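Review bot: The three `allow` lines in the new `services.nginx` location in clusters/stokes/default.nix repeat the networks in `webUI.allow` (which gains `172.19.255.0/24` in the hunk above), so the two lists can drift and leave one service reachable from a network the other no longer trusts. Consider a single `let`-bound list that both consume, e.g. `trustedNets = [ "10.1.2.0/24" "172.19.254.0/24" "172.19.255.0/24" ];` and `extraConfig = lib.concatMapStrings (n: "allow ${n};\n") trustedNets + "deny all;\n";` (assuming `lib` is in scope here). The source-address check is also the only access control visible in front of `127.0.0.1:9088`, so a comment stating whether the proxied service authenticates users itself would help. The check only holds if nginx sees the real client address rather than that of an upstream proxy.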
@@ -61,6 +62,7 @@ shell = pkgs.fish; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas-3" ]; }; @@ -169,7 +171,9 @@ uid = 1007; isNormalUser = true; createHome = true; - openssh.authorizedKeys.keys = []; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhrMpKwIKQoANoB0I7X9IXGVpfPVvjFjeuT7RGKO+XghSm88B0RTeBeiEcwp1fADUTdzbd00YhrWLIBSl3z/fyhG/k/EyOadNYn0BFenJ9IBxBFo/Nyhbfg1jKAO/OLN7S6WFWPvJzE/G6UP/wN1QBeJmM1iEIuorwwTifMGD0nM1DaQA9R9Ji56yn6Kzl2wym0z0WKyqrn+vTBh3YXJljEFboeuWlBL/a7R7W6XxJHPo0wZzKxE7mdEQqqGXioTUTPgyBLK1duS0YjWuMS/pfkMIji0kD50QtlA72h2p++43ZS1NpFK9d8q7C2ZxE/RlxAFGwUcKGhEIUdk3JRhfcQ== rsa-key-20210429" + ]; }; eli = { @@ -220,6 +224,7 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbrEhm1acesXmbgfO5lN1gcTFXqusq61QyCZXunYJpl" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdcJteh9d/N1o8BbdEMRVxeMjm28saon/Oh2tV0+TYj" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEg6tHlB5xco85d4XJja71hz1nEe9wFF1+ht8oKULkwh" ]; }; 
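Review bot: The keys added in the `@@ -169,7 +171,9 @@` and `@@ -220,6 +224,7 @@` hunks of clusters/stokes/users.nix cannot be tied to a person or device: the first carries what looks like PuTTYgen's default comment `rsa-key-20210429`, and the second has no comment field at all. That makes it hard to revoke a single lost or replaced key later. Put the owner and device in the key comment or in a Nix comment on the line, e.g. `# <owner>, <device>, added <date>` (placeholder), as the `jonas-3` key in the first hunk nearly does. The RSA key also appears to be 2048-bit while the other RSA keys on this page are longer, so asking the user for an ed25519 key would match the rest of the file. The user blocks these lists belong to start outside the hunks.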
@@ -240,6 +245,24 @@ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8Q96rG6C8oX1fjW32yX0bPC3MOz2A6rUCPpoA5KqL0psJvA1ielUupBgo2uBlHG8UHOit5Ui23JVm4t/k7Czv0vbZ+Vx2qk52H1A+KKZByBWgEo+o+PpXZVNEfn6jQvVTOwSDSxTIO8UIMdFIfHjbYlpBN9JobK4b9OH3CUnnuqBxHtkef6dzy9XIDL8dX7HXK4/UcfoMy07gB/p/9Ij8i8CMlH7tX1IFJ7rICz2qsW5iSMpqOnClhyBYlm5VQ3OskLgTnTfBbNCTGkxuQlRpucqxW0J9Bas083N3TFWWhSHqnxTYlYmwAs+f07nIJpgOMYOPvHWIuiG1QvzIC2me/Hi0bbKd47HRwtLe0cMFItixv4ex9vvc8TOYwxruODnzAoeNT+Wn6MOEu44PXk5LezmGPhWLX0oaNNkiEFv4XQ4walZVJgiPmmLWgh0jit+D4omXlbUL8tHua5Ep+5InCOF4h8fisLXiJnzVkIo3teHJohXWs5ZkzowXHl4EmIDUlkEyVocFRodYmqkPDQWLb8pmWNbA5HIB9g/7Px1+8brTyhBcH80BRSmLfRR0nXPEwFupjuqfEQPgrRCT45QBA80OlmTMWcwO4fwZOeP+VPLalot7SHyjIivWb3LjLlasAU8w7QZbYa9MGoufVgOSsIi4Pgcwv+jK2cACWR24AQ== marius.indreberg@itpartner.no" ]; }; + + michael = { + description = "Ka Hin (Michael) Lau"; + home = "/home/michael"; + group = "michael"; + extraGroups = [ + "users" + "docker" + ]; + uid = 1012; + isNormalUser = true; + createHome = true; + useDefaultShell = false; + shell = pkgs.fish; + openssh.authorizedKeys.keys = [ + "ssh-rsa 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" + ]; + }; # @usr@ }; diff --git a/scripts/restart-kubernetes.sh b/scripts/restart-kubernetes.sh index 2b04d8c..feb1508 100755 --- a/scripts/restart-kubernetes.sh +++ b/scripts/restart-kubernetes.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -master="etcd kube-apiserver kube-scheduler kube-controller-manager kube-addon-manager" +master="etcd kube-apiserver kube-scheduler kube-controller-manager" node="kube-proxy kubelet kube-certmgr-apitoken-bootstrap" nodes="@nodes@"
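Review bot: `extraGroups` for the new `michael` account in clusters/stokes/users.nix includes `"docker"`, and access to the Docker daemon socket grants root-level privileges on the host. If this user only needs to run containers, leave the group out and point them at a rootless runtime. If the access is intended, record that next to the entry, e.g. `"docker" # root-equivalent on this host; approved for <reason>`. Whether other accounts follow the same convention is not visible here, and the enclosing users set starts outside the hunk.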