oceanbox/platform
6
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Misc updates to stokes

Browse Source
This commit is contained in:
Jonas Juselius
2021-06-12 11:46:35 +02:00
parent 0eaf306888
commit 20909aa8da
4 changed files with 49 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
clusters/stokes/cluster.nix
View File

@@ -171,7 +171,8 @@ let
uid=`id -u` uid=`id -u`
port=$((9000+$uid)) port=$((9000+$uid))
shell=`getent passwd $(id -un) | awk -F : '{print $NF}'` shell=`getent passwd $(id -un) | awk -F : '{print $NF}'`
vnc=${pkgs.tigervnc}/bin/vncserver # vnc=${pkgs.tigervnc}/bin/vncserver
vnc=/nix/store/czp2b60dwk75widi8y287hr0xx1wgv2a-tigervnc-1.10.1/bin/vncserver
case $1 in case $1 in
-p|--port) shift; port=$1 ;; -p|--port) shift; port=$1 ;;

22
clusters/stokes/default.nix
View File

@@ -46,6 +46,7 @@ let
webUI.allow = [ webUI.allow = [
"10.1.2.0/24" "10.1.2.0/24"
"172.19.254.0/24" "172.19.254.0/24"
"172.19.255.0/24"
]; ];
infiniband-exporter = { infiniband-exporter = {
enable = true; enable = true;
@@ -140,6 +141,27 @@ let
smtp_from = "noreply@stokes.regnekraft.io"; smtp_from = "noreply@stokes.regnekraft.io";
}; };
services.nginx = {
virtualHosts = {
"ds.matnoc.regnekraft.io" = {
forceSSL = true;
enableACME = true;
serverAliases = [];
locations."/" = {
proxyPass = "http://127.0.0.1:9088";
proxyWebsockets = false;
extraConfig = ''
allow 10.1.2.0/24;
allow 172.19.254.0/24;
allow 172.19.255.0/24;
deny all;
'';
};
};
};
};
imports = [ ./cluster.nix ./hw/frontend.nix ]; imports = [ ./cluster.nix ./hw/frontend.nix ];
}; };

25
clusters/stokes/users.nix
View File

@@ -14,6 +14,7 @@
ovanov = { gid = 1009; }; ovanov = { gid = 1009; };
bast = { gid = 1010; }; bast = { gid = 1010; };
marius = { gid = 1011; }; marius = { gid = 1011; };
michael = { gid = 1012; };
# @grp@ # @grp@
sif = { sif = {
@@ -61,6 +62,7 @@
shell = pkgs.fish; shell = pkgs.fish;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas-3"
]; ];
}; };
@@ -169,7 +171,9 @@
uid = 1007; uid = 1007;
isNormalUser = true; isNormalUser = true;
createHome = true; createHome = true;
openssh.authorizedKeys.keys = []; openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhrMpKwIKQoANoB0I7X9IXGVpfPVvjFjeuT7RGKO+XghSm88B0RTeBeiEcwp1fADUTdzbd00YhrWLIBSl3z/fyhG/k/EyOadNYn0BFenJ9IBxBFo/Nyhbfg1jKAO/OLN7S6WFWPvJzE/G6UP/wN1QBeJmM1iEIuorwwTifMGD0nM1DaQA9R9Ji56yn6Kzl2wym0z0WKyqrn+vTBh3YXJljEFboeuWlBL/a7R7W6XxJHPo0wZzKxE7mdEQqqGXioTUTPgyBLK1duS0YjWuMS/pfkMIji0kD50QtlA72h2p++43ZS1NpFK9d8q7C2ZxE/RlxAFGwUcKGhEIUdk3JRhfcQ== rsa-key-20210429"
];
}; };
eli = { eli = {
@@ -220,6 +224,7 @@
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbrEhm1acesXmbgfO5lN1gcTFXqusq61QyCZXunYJpl" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbrEhm1acesXmbgfO5lN1gcTFXqusq61QyCZXunYJpl"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdcJteh9d/N1o8BbdEMRVxeMjm28saon/Oh2tV0+TYj" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdcJteh9d/N1o8BbdEMRVxeMjm28saon/Oh2tV0+TYj"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEg6tHlB5xco85d4XJja71hz1nEe9wFF1+ht8oKULkwh"
]; ];
}; };
@@ -240,6 +245,24 @@
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8Q96rG6C8oX1fjW32yX0bPC3MOz2A6rUCPpoA5KqL0psJvA1ielUupBgo2uBlHG8UHOit5Ui23JVm4t/k7Czv0vbZ+Vx2qk52H1A+KKZByBWgEo+o+PpXZVNEfn6jQvVTOwSDSxTIO8UIMdFIfHjbYlpBN9JobK4b9OH3CUnnuqBxHtkef6dzy9XIDL8dX7HXK4/UcfoMy07gB/p/9Ij8i8CMlH7tX1IFJ7rICz2qsW5iSMpqOnClhyBYlm5VQ3OskLgTnTfBbNCTGkxuQlRpucqxW0J9Bas083N3TFWWhSHqnxTYlYmwAs+f07nIJpgOMYOPvHWIuiG1QvzIC2me/Hi0bbKd47HRwtLe0cMFItixv4ex9vvc8TOYwxruODnzAoeNT+Wn6MOEu44PXk5LezmGPhWLX0oaNNkiEFv4XQ4walZVJgiPmmLWgh0jit+D4omXlbUL8tHua5Ep+5InCOF4h8fisLXiJnzVkIo3teHJohXWs5ZkzowXHl4EmIDUlkEyVocFRodYmqkPDQWLb8pmWNbA5HIB9g/7Px1+8brTyhBcH80BRSmLfRR0nXPEwFupjuqfEQPgrRCT45QBA80OlmTMWcwO4fwZOeP+VPLalot7SHyjIivWb3LjLlasAU8w7QZbYa9MGoufVgOSsIi4Pgcwv+jK2cACWR24AQ== marius.indreberg@itpartner.no" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8Q96rG6C8oX1fjW32yX0bPC3MOz2A6rUCPpoA5KqL0psJvA1ielUupBgo2uBlHG8UHOit5Ui23JVm4t/k7Czv0vbZ+Vx2qk52H1A+KKZByBWgEo+o+PpXZVNEfn6jQvVTOwSDSxTIO8UIMdFIfHjbYlpBN9JobK4b9OH3CUnnuqBxHtkef6dzy9XIDL8dX7HXK4/UcfoMy07gB/p/9Ij8i8CMlH7tX1IFJ7rICz2qsW5iSMpqOnClhyBYlm5VQ3OskLgTnTfBbNCTGkxuQlRpucqxW0J9Bas083N3TFWWhSHqnxTYlYmwAs+f07nIJpgOMYOPvHWIuiG1QvzIC2me/Hi0bbKd47HRwtLe0cMFItixv4ex9vvc8TOYwxruODnzAoeNT+Wn6MOEu44PXk5LezmGPhWLX0oaNNkiEFv4XQ4walZVJgiPmmLWgh0jit+D4omXlbUL8tHua5Ep+5InCOF4h8fisLXiJnzVkIo3teHJohXWs5ZkzowXHl4EmIDUlkEyVocFRodYmqkPDQWLb8pmWNbA5HIB9g/7Px1+8brTyhBcH80BRSmLfRR0nXPEwFupjuqfEQPgrRCT45QBA80OlmTMWcwO4fwZOeP+VPLalot7SHyjIivWb3LjLlasAU8w7QZbYa9MGoufVgOSsIi4Pgcwv+jK2cACWR24AQ== marius.indreberg@itpartner.no"
]; ];
}; };
michael = {
description = "Ka Hin (Michael) Lau";
home = "/home/michael";
group = "michael";
extraGroups = [
"users"
"docker"
];
uid = 1012;
isNormalUser = true;
createHome = true;
useDefaultShell = false;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0M91PbrPNi68wyQAsv+VWCSfGTLEALVu91O1b3p/pX45u4H2GzZ+I8KsXEWr/bkaH4OiZZHU+4oyrhSMvrquXTfPSBEkW9KXKGauAuQfvALhHenUbO7j25uyzq5MCiTtE7hmkPwNMqXhXkqqvbt8NC5qAyCf632iSJv6wDdAoW6gRocAJrqa1NMkdZ8gKAkUVVa8Wip3LUx00ybpoezH3YJTxwe3WNqy+WrNDVpzn7MgJaG0UIYqyFVPUbnvWEqzw0gHQWOFQoWe6vtlYME24rE5Sq+sCGwys+aJd5T5rUIITwcKfmS/4JJ27O6Sy8/qMJDnhDl+ROaQYFnVZjTjxvedt85Yplrl4CbKbObhwThZDs00BZ+31OLVh6/Di01SVxGkGzHNlJL0gTEN4t8VujbySzJkX4OKzlBYuzYQLKKnThQM7VUc95nYEEIbPE4MfWk3oBSpRRpqrCXYTjI0iV/JpdkSFjozX17Q7hNYVKfSpwzHaQXTWdQ/0eyEAeJs="
];
};
# @usr@ # @usr@
}; };

2
scripts/restart-kubernetes.sh
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
master="etcd kube-apiserver kube-scheduler kube-controller-manager kube-addon-manager" master="etcd kube-apiserver kube-scheduler kube-controller-manager"
node="kube-proxy kubelet kube-certmgr-apitoken-bootstrap" node="kube-proxy kubelet kube-certmgr-apitoken-bootstrap"
nodes="@nodes@" nodes="@nodes@"