diff --git a/data/nomad/caddy.nomad b/data/nomad/caddy.nomad
new file mode 100644
index 0000000..7235cd3
--- /dev/null
+++ b/data/nomad/caddy.nomad
@@ -0,0 +1,100 @@
+job "caddy" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "caddy" {
+ count = 1
+
+ volume "caddyfile" {
+ type = "host"
+ read_only = false
+ source = "caddyfile"
+ }
+
+ volume "caddy-data" {
+ type = "host"
+ read_only = false
+ source = "caddy-data"
+ }
+
+ restart {
+ attempts = 2
+ interval = "2m"
+ delay = "1m"
+ mode = "fail"
+ }
+
+ network {
+ port "http" {
+ static = 80
+ to = 80
+ host_network = "public"
+ }
+
+ port "https" {
+ static = 443
+ to = 443
+ host_network = "public"
+ }
+
+ port "config" {
+ static = 2019
+ to = 2019
+ }
+
+ dns {
+ servers = ["100.80.195.56"]
+ }
+ }
+
+ ###
+ # CADDY
+ ###
+
+ task "caddy" {
+ driver = "docker"
+
+ volume_mount {
+ volume = "caddyfile"
+ destination = "/etc/caddy/Caddyfile"
+ read_only = false
+ }
+
+ volume_mount {
+ volume = "caddy-data"
+ destination = "/data"
+ read_only = false
+ }
+
+ env {
+ }
+
+ config {
+ image = "caddy:2.3.0-alpine"
+ ports = ["http", "https", "config"]
+ volumes = [
+ "/mnt/vatnajokull/lajuntament-web:/sites/lajuntament-web",
+ "/mnt/vatnajokull/folkugat-web:/sites/folkugat-web",
+ ]
+ }
+
+ resources {
+ cpu = 500
+ memory = 128
+ }
+
+ service {
+ name = "caddy"
+
+ check {
+ type = "tcp"
+ port = "http"
+ interval = "30s"
+ timeout = "2s"
+ }
+ }
+ }
+ }
+}
+
diff --git a/data/nomad/dns.nomad b/data/nomad/dns.nomad
new file mode 100644
index 0000000..4596ac6
--- /dev/null
+++ b/data/nomad/dns.nomad
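Review bot: The `port "config"` block publishes Caddy's admin endpoint on static port 2019 and, unlike `http` and `https`, names no `host_network`, so it is bound on whatever network Nomad treats as the node's default. The admin API can rewrite the running configuration and has no authentication by default, so it should not be reachable from other machines; unless something outside this file needs it, drop the `config` port block and remove `"config"` from `ports`. If it is needed, pin it explicitly with `host_network = "<PRIVATE_NETWORK_NAME>"` (placeholder). Assuming nothing inside the container edits the file, the `caddyfile` volume and its `volume_mount` could also use `read_only = true`.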
@@ -0,0 +1,112 @@
+job "dns" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "dns" {
+ count = 1
+
+ restart {
+ attempts = 10
+ delay = "15s"
+ }
+
+ # VOLUMES
+ ## pihole
+
+ volume "pihole" {
+ type = "host"
+ read_only = false
+ source = "dns-pihole"
+ }
+
+ volume "dnsmasq" {
+ type = "host"
+ read_only = false
+ source = "dns-dnsmasq"
+ }
+
+ ## unbound
+
+ volume "unbound" {
+ type = "host"
+ read_only = false
+ source = "dns-unbound"
+ }
+
+ # NETWORK
+
+ network {
+ port "dns" {
+ static = 53
+ }
+ port "http" {
+ to = 80
+ }
+ port "unbound" {
+ static = 5533
+ }
+ }
+
+ # TASKS
+
+ task "pihole" {
+ driver = "docker"
+
+ volume_mount {
+ volume = "pihole"
+ destination = "/etc/pihole"
+ read_only = false
+ }
+
+ volume_mount {
+ volume = "dnsmasq"
+ destination = "/etc/dnsmasq.d"
+ read_only = false
+ }
+
+ env {
+ TZ = "Europe/Amsterdam"
+ WEBPASSWORD = "elbonfeix"
+ ServerIP = "100.80.195.56"
+ }
+
+ config {
+ image = "pihole/pihole:v5.7"
+ ports = ["dns", "http"]
+ }
+
+ resources {
+ cpu = 100
+ memory = 32
+ }
+
+ service {
+ name = "pihole-gui"
+ port = "http"
+ }
+ }
+
+ task "unbound" {
+ driver = "docker"
+
+ volume_mount {
+ volume = "unbound"
+ destination = "/opt/unbound/etc/unbound/"
+ read_only = false
+ }
+
+ config {
+ image = "mvance/unbound:latest"
+ ports = ["unbound"]
+ }
+
+ resources {
+ cpu = 50
+ memory = 32
+ }
+ }
+
+ }
+}
+
diff --git a/data/nomad/gitea.nomad b/data/nomad/gitea.nomad
new file mode 100644
index 0000000..7577644
--- /dev/null
+++ b/data/nomad/gitea.nomad
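Review bot: `WEBPASSWORD` in the `pihole` task's `env` block is a live credential committed in clear text, although this repository already keeps its other secrets age-encrypted under `secrets/`. The same pattern recurs in this commit: `MYSQL_ROOT_PASSWORD` in lwt.nomad, the MySQL and `CHAT_ADMIN_PSWD` values in moimoin.nomad, the `MYSQL_*` passwords in nextcloud.nomad (including its commented-out collabora block), and the `password` / `WEBPASSWORD` values in the files under old/. These values should be treated as disclosed and rotated, then supplied at runtime, for example through a `template` block with `env = true` that reads from Nomad Variables or Vault (which of the two the cluster offers is not visible here). The variable path and key name in the sketch below are constructed examples.

```hcl
task "pihole" {
  # … unchanged: driver, volume_mount blocks …

  env {
    TZ       = "Europe/Amsterdam"
    ServerIP = "100.80.195.56"
  }

  # WEBPASSWORD is rendered into the task's secrets directory at start-up
  # instead of being stored in the job file.
  template {
    destination = "secrets/pihole.env"
    env         = true
    data        = <<EOT
WEBPASSWORD={{ with nomadVar "nomad/jobs/dns" }}{{ .webpassword }}{{ end }}
EOT
  }

  # … unchanged: config, resources, service …
```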
@@ -0,0 +1,71 @@
+job "gitea" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "gitea" {
+ count = 1
+
+ restart {
+ attempts = 5
+ delay = "1m"
+ }
+
+ network {
+ port "http" {
+ to = 3000
+ }
+ port "ssh" {
+ static = 2222
+ to = 22
+ host_network = "public"
+ }
+ }
+
+ task "gitea" {
+ driver = "docker"
+
+ env {
+ USER_UID = "1001"
+ USER_GID = "1001"
+ }
+
+ config {
+ image = "gitea/gitea:latest"
+ ports = ["http", "ssh"]
+ volumes = ["/mnt/vatnajokull/nomad_volumes/gitea/data:/data"]
+ }
+
+ resources {
+ cpu = 1000
+ memory = 256
+ }
+
+ service {
+ name = "gitea"
+ port = "http"
+
+ check {
+ type = "tcp"
+ port = "http"
+ interval = "30s"
+ timeout = "2s"
+ }
+ }
+
+ service {
+ name = "gitea-ssh"
+ port = "ssh"
+
+ check {
+ type = "tcp"
+ port = "ssh"
+ interval = "30s"
+ timeout = "2s"
+ }
+ }
+
+ }
+ }
+}
+
diff --git a/data/nomad/lwt.nomad b/data/nomad/lwt.nomad
new file mode 100644
index 0000000..f96d63e
--- /dev/null
+++ b/data/nomad/lwt.nomad
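Review bot: `image = "gitea/gitea:latest"` lets the running version change whenever a node pulls the image afresh, so the service that holds the source repositories can be upgraded without review and the job file does not record what is deployed. Pin the image to a release tag, or better a digest, e.g. `image = "gitea/gitea:<VERSION>@sha256:<DIGEST>"` (placeholders), and bump it deliberately. The same applies to `mvance/unbound:latest` in dns.nomad, `ghcr.io/hugofara/lwt:master` in lwt.nomad, `arm64v8/mysql:latest` and the `marc.sastre.cat/*:latest` images in moimoin.nomad and webhooks.nomad, `nextcloud:latest`, `twohundredok/organice:latest`, and the untagged images in minecraft.nomad, pasta.nomad and presencia.nomad.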
@@ -0,0 +1,106 @@
+job "lwt" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "lwt" {
+ count = 1
+
+ restart {
+ attempts = 10
+ delay = "30s"
+ }
+
+ # VOLUMES
+
+ volume "lwt-mariadb" {
+ type = "host"
+ read_only = false
+ source = "lwt-mariadb"
+ }
+
+ volume "lwt" {
+ type = "host"
+ read_only = false
+ source = "lwt"
+ }
+
+ # NETWORK
+
+ network {
+ port "lwt" {
+ to = 80
+ }
+ port "mariadb" {
+ static = 33306
+ to = 3306
+ }
+ }
+
+ # TASKS
+
+ task "mariadb" {
+ driver = "docker"
+
+ user = 1001
+
+ volume_mount {
+ volume = "lwt-mariadb"
+ destination = "/var/lib/mysql"
+ read_only = false
+ }
+
+ env {
+ MYSQL_ALLOW_EMPTY_PASSWORD = "no"
+ MYSQL_ROOT_PASSWORD = "root"
+ }
+
+ config {
+ image = "mariadb:10.7"
+ ports = ["mariadb"]
+ }
+
+ resources {
+ cpu = 100
+ memory = 128
+ }
+ }
+
+ task "lwt" {
+ driver = "docker"
+
+ config {
+ image = "ghcr.io/hugofara/lwt:master"
+ ports = ["lwt"]
+ }
+
+ volume_mount {
+ volume = "lwt"
+ destination = "/var/www/html/media"
+ read_only = false
+ }
+
+ env {
+ DB_HOST = "${attr.unique.network.ip-address}:33306" # "100.91.225.117"
+ }
+
+ resources {
+ cpu = 100
+ memory = 128
+ }
+
+ service {
+ name = "lwt"
+ port = "lwt"
+
+ check {
+ type = "tcp"
+ port = "lwt"
+ interval = "30s"
+ timeout = "10s"
+ }
+ }
+ }
+
+ }
+}
diff --git a/data/nomad/minecraft.nomad b/data/nomad/minecraft.nomad
new file mode 100644
index 0000000..2b0caae
--- /dev/null
+++ b/data/nomad/minecraft.nomad
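Review bot: The `mariadb` port is published on the node with `static = 33306` and no `host_network`, while the database root account is protected only by a trivially guessable `MYSQL_ROOT_PASSWORD`, so the database is only as private as the network the node's default address sits on. The `lwt` task is the sole consumer, so drop `static` and hand it the dynamic address the way nextcloud.nomad does, `DB_HOST = "${NOMAD_ADDR_mariadb}"`, or bind the port to a private `host_network`. moimoin.nomad publishes its MySQL on the same static 33306, so the two groups also cannot be placed on the same node, and nextcloud.nomad has the same exposure on static 3306.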
@@ -0,0 +1,71 @@
+job "minecraft" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "minecraft" {
+ count = 1
+
+ volume "minecraft" {
+ type = "host"
+ read_only = false
+ source = "minecraft"
+ }
+
+ restart {
+ attempts = 2
+ interval = "2m"
+ delay = "1m"
+ mode = "fail"
+ }
+
+ network {
+ port "server" {
+ static = 25565
+ to = 25565
+ host_network = "minecraft"
+ }
+ }
+
+ ###
+ # MINECRAFT SERVER
+ ###
+
+ task "minecraft" {
+ driver = "docker"
+
+ volume_mount {
+ volume = "minecraft"
+ destination = "/data"
+ read_only = false
+ }
+
+ env {
+ EULA = "TRUE"
+ TZ = "Europe/Madrid"
+ }
+
+ config {
+ image = "itzg/minecraft-server"
+ ports = ["server"]
+ }
+
+ resources {
+ cpu = 2800
+ memory = 1900
+ }
+
+ service {
+ name = "minecraft"
+
+ check {
+ type = "tcp"
+ port = "server"
+ interval = "30s"
+ timeout = "2s"
+ }
+ }
+ }
+ }
+}
+
diff --git a/data/nomad/moimoin.nomad b/data/nomad/moimoin.nomad
new file mode 100644
index 0000000..12f7241
--- /dev/null
+++ b/data/nomad/moimoin.nomad
@@ -0,0 +1,133 @@
+job "moimoin" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "moimoin" {
+ count = 1
+
+ restart {
+ attempts = 10
+ delay = "30s"
+ }
+
+ # VOLUMES
+
+ volume "mysql" {
+ type = "host"
+ read_only = false
+ source = "moimoin"
+ }
+
+ # NETWORK
+
+ network {
+ port "moimoin-front" {
+ to = 5000
+ }
+ port "moimoin-back" {
+ to = 3000
+ }
+ port "mysql" {
+ static = 33306
+ to = 3306
+ }
+ }
+
+ # TASKS
+
+ task "mysql" {
+ driver = "docker"
+
+ user = 1001
+
+ volume_mount {
+ volume = "mysql"
+ destination = "/var/lib/mysql"
+ read_only = false
+ }
+
+ env {
+ MYSQL_DATABASE = "xat-osr"
+ MYSQL_ROOT_PASSWORD = "estrell4galicia"
+ }
+
+ config {
+ image = "arm64v8/mysql:latest"
+ ports = ["mysql"]
+ }
+
+ resources {
+ cpu = 500
+ memory = 512
+ }
+ }
+
+ task "moimoin-back" {
+ driver = "docker"
+
+ config {
+ image = "marc.sastre.cat/moimoin-back:latest"
+ ports = ["moimoin-back"]
+ }
+
+ env {
+ MYSQL_HOST = "${attr.unique.network.ip-address}" # "100.91.225.117"
+ MYSQL_PORT = "33306"
+ MYSQL_USER = "root"
+ MYSQL_PASSWORD = "estrell4galicia"
+ MYSQL_NAME = "xat-osr"
+ CHAT_ADMIN_PSWD = "cervesaEspecial"
+ CLIENT_HOST = "marc.sastre.cat/moimoin"
+ }
+
+ resources {
+ cpu = 100
+ memory = 128
+ }
+
+ service {
+ name = "moimoin-back"
+ port = "moimoin-back"
+
+ check {
+ type = "tcp"
+ port = "moimoin-back"
+ interval = "30s"
+ timeout = "10s"
+ }
+ }
+ }
+
+ task "moimoin-front" {
+ driver = "docker"
+
+ config {
+ image = "marc.sastre.cat/moimoin-front:latest"
+ ports = ["moimoin-front"]
+ }
+
+ env {
+ CLIENT_PORT = "5000"
+ }
+
+ resources {
+ cpu = 100
+ memory = 128
+ }
+
+ service {
+ name = "moimoin-front"
+ port = "moimoin-front"
+
+ check {
+ type = "tcp"
+ port = "moimoin-front"
+ interval = "30s"
+ timeout = "10s"
+ }
+ }
+ }
+
+ }
+}
diff --git a/data/nomad/nextcloud.nomad b/data/nomad/nextcloud.nomad
new file mode 100644
index 0000000..78f76ff
--- /dev/null
+++ b/data/nomad/nextcloud.nomad
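Review bot: The `moimoin-back` task connects with `MYSQL_USER = "root"`, so a flaw in the chat backend gives control of the whole MySQL server rather than of one schema. The `mysql` task can create a restricted account instead: add `MYSQL_USER` and `MYSQL_PASSWORD` to its `env` block (the official image limits that user to `MYSQL_DATABASE`; confirm this holds for `arm64v8/mysql`) and point the backend's `MYSQL_USER` / `MYSQL_PASSWORD` at that account. The root password then no longer has to appear in the backend's environment at all.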
@@ -0,0 +1,188 @@
+job "nextcloud" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "nextcloud" {
+ count = 1
+
+ restart {
+ attempts = 5
+ delay = "1m"
+ }
+
+ # Network
+
+ network {
+ port "nextcloud" {
+ static = 8080
+ to = 80
+ }
+ port "mariadb" {
+ static = 3306
+ to = 3306
+ }
+ # port "collabora" {
+ # to = 9980
+ # }
+ }
+
+ # Volumes
+
+ volume "nextcloud" {
+ type = "host"
+ read_only = false
+ source = "nextcloud"
+ }
+
+ volume "mariadb" {
+ type = "host"
+ read_only = false
+ source = "mariadb"
+ }
+
+ # volume "collabora" {
+ # type = "host"
+ # read_only = false
+ # source = "collabora"
+ # }
+
+ ###
+ # NEXTCLOUD
+ ###
+
+ task "nextcloud" {
+ driver = "docker"
+
+ user = 1001
+
+ env {
+ MYSQL_PASSWORD = "hxKOD13MUh"
+ MYSQL_DATABASE = "nextcloud"
+ MYSQL_USER = "nextcloud"
+ MYSQL_HOST = "${NOMAD_ADDR_mariadb}"
+ NEXTCLOUD_TRUSTED_DOMAINS = "nextcloud.samfelag.xyz"
+ OVERWRITEPROTOCOL = "https"
+ }
+
+ volume_mount {
+ volume = "nextcloud"
+ destination = "/var/www/html"
+ read_only = false
+ }
+
+ config {
+ image = "nextcloud:latest"
+ ports = ["nextcloud"]
+ }
+
+ resources {
+ cpu = 2000
+ memory = 512
+ }
+
+ service {
+ name = "nextcloud"
+ port = "nextcloud"
+
+ check {
+ type = "tcp"
+ port = "nextcloud"
+ interval = "30s"
+ timeout = "2s"
+ }
+ }
+ }
+
+ ###
+ # MARIADB
+ ###
+
+ task "mariadb" {
+ driver = "docker"
+
+ user = 1001
+
+ env {
+ MYSQL_ROOT_PASSWORD = "hxKOD13MUh"
+ MYSQL_ROOT_HOST = "${NOMAD_IP_mariadb}"
+ MYSQL_PASSWORD = "hxKOD13MUh"
+ MYSQL_DATABASE = "nextcloud"
+ MYSQL_USER = "nextcloud"
+ }
+
+ volume_mount {
+ volume = "mariadb"
+ destination = "/var/lib/mysql"
+ read_only = false
+ }
+
+ config {
+ image = "mariadb:10.5"
+ ports = ["mariadb"]
+ }
+
+ resources {
+ cpu = 1000
+ memory = 256
+ }
+
+ service {
+ name = "mariadb"
+ tags = ["mariadb"]
+
+ port = "mariadb"
+
+ check {
+ type = "tcp"
+ port = "mariadb"
+ interval = "30s"
+ timeout = "2s"
+ }
+ }
+ }
+
+ ###
+ # COLLABORA
+ ###
+
+ # task "collabora" {
+ # driver = "docker"
+
+ # env {
+ # aliasgroup1 = "https://nextcloud.lajuntament.space:443"
+ # username = "lajuntament"
+ # password = "eLn1lIm4rc"
+ # }
+
+ # volume_mount {
+ # volume = "collabora"
+ # destination = "/etc/loolwsd"
+ # read_only = false
+ # }
+
+ # config {
+ # image = "collabora/code:latest"
+ # ports = ["collabora"]
+ # }
+
+ # resources {
+ # cpu = 2000
+ # memory = 1024
+ # }
+
+ # service {
+ # name = "collabora"
+ # port = "collabora"
+
+ # check {
+ # type = "tcp"
+ # port = "collabora"
+ # interval = "30s"
+ # timeout = "2s"
+ # }
+ # }
+
+ # }
+ }
+}
diff --git a/data/nomad/old/collabora.nomad b/data/nomad/old/collabora.nomad
new file mode 100644
index 0000000..a8c0132
--- /dev/null
+++ b/data/nomad/old/collabora.nomad
@@ -0,0 +1,67 @@
+job "collabora" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "collabora" {
+ count = 1
+
+ restart {
+ attempts = 5
+ delay = "1m"
+ }
+
+ network {
+ port "http" {
+ to = 9980
+ }
+ }
+
+ volume "collabora" {
+ type = "host"
+ read_only = false
+ source = "collabora"
+ }
+
+ task "collabora" {
+ driver = "docker"
+
+ env {
+ domain = "nextcloud\\.lajuntament\\.space"
+ username = "lajuntament"
+ password = "eLn1lIm4rc"
+ extra_params = "--o:ssl.enable=false"
+ }
+
+ volume_mount {
+ volume = "collabora"
+ destination = "/etc/loolwsd"
+ read_only = false
+ }
+
+ config {
+ image = "collabora/code:latest"
+ ports = ["http"]
+ }
+
+ resources {
+ cpu = 1500
+ memory = 1024
+ }
+
+ service {
+ name = "collabora"
+ port = "http"
+
+ check {
+ type = "tcp"
+ port = "http"
+ interval = "30s"
+ timeout = "2s"
+ }
+ }
+
+ }
+ }
+}
+
diff --git a/data/nomad/old/pihole.nomad b/data/nomad/old/pihole.nomad
new file mode 100644
index 0000000..bc6e8c5
--- /dev/null
+++ b/data/nomad/old/pihole.nomad
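Review bot: In nextcloud.nomad's `mariadb` task, `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` carry the same value, which is also the one the `nextcloud` task receives, so the separation between the application account and database root exists in name only. Give root its own secret and never hand it to the `nextcloud` task. The commented-out `collabora` task at the end of the group still contains a `username` / `password` pair; delete the block or strip the values, since commented-out credentials are committed just the same.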
@@ -0,0 +1,73 @@
+job "pihole" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "pihole" {
+ count = 1
+
+ volume "pihole" {
+ type = "host"
+ read_only = false
+ source = "dns-pihole"
+ }
+
+ volume "dnsmasq" {
+ type = "host"
+ read_only = false
+ source = "dns-dnsmasq"
+ }
+
+ restart {
+ attempts = 5
+ delay = "15s"
+ }
+
+ network {
+ port "dns" {
+ static = 53
+ }
+ port "http" {
+ to = 80
+ }
+ }
+
+ task "pihole" {
+ driver = "docker"
+
+ volume_mount {
+ volume = "pihole"
+ destination = "/etc/pihole"
+ read_only = false
+ }
+
+ volume_mount {
+ volume = "dnsmasq"
+ destination = "/etc/dnsmasq.d"
+ read_only = false
+ }
+
+ env {
+ TZ = "Europe/Amsterdam"
+ WEBPASSWORD = "elbonfeix"
+ ServerIP = "100.107.148.47"
+ }
+
+ config {
+ image = "pihole/pihole:v5.7"
+ ports = ["dns", "http"]
+ }
+
+ resources {
+ cpu = 100
+ memory = 64
+ }
+
+ service {
+ name = "pihole-gui"
+ port = "http"
+ }
+ }
+ }
+}
+
diff --git a/data/nomad/old/unbound.nomad b/data/nomad/old/unbound.nomad
new file mode 100644
index 0000000..78031a5
--- /dev/null
+++ b/data/nomad/old/unbound.nomad
@@ -0,0 +1,47 @@
+job "unbound" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "unbound" {
+ count = 1
+
+ volume "unbound" {
+ type = "host"
+ read_only = false
+ source = "dns-unbound"
+ }
+
+ restart {
+ attempts = 5
+ delay = "15s"
+ }
+
+ network {
+ port "dns" {
+ static = 5533
+ }
+ }
+
+ task "unbound" {
+ driver = "docker"
+
+ volume_mount {
+ volume = "unbound"
+ destination = "/opt/unbound/etc/unbound/"
+ read_only = false
+ }
+
+ config {
+ image = "mvance/unbound:latest"
+ ports = ["dns"]
+ }
+
+ resources {
+ cpu = 50
+ memory = 64
+ }
+ }
+ }
+}
+
diff --git a/data/nomad/organice.nomad b/data/nomad/organice.nomad
new file mode 100644
index 0000000..d7ca222
--- /dev/null
+++ b/data/nomad/organice.nomad
@@ -0,0 +1,52 @@
+job "organice" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "organice" {
+ count = 1
+
+ restart {
+ attempts = 5
+ delay = "1m"
+ }
+
+ network {
+ port "http" {
+ to = 5000
+ }
+ }
+
+ task "organice" {
+ driver = "docker"
+
+ env {
+ ORGANICE_WEBDAV_URL = "https://nextcloud.lajuntament.space/remote.php/dav/files/marc/"
+ }
+
+ config {
+ image = "twohundredok/organice:latest"
+ ports = ["http"]
+ }
+
+ resources {
+ cpu = 100
+ memory = 128
+ }
+
+ service {
+ name = "organice"
+ port = "http"
+
+ check {
+ type = "tcp"
+ port = "http"
+ interval = "30s"
+ timeout = "2s"
+ }
+ }
+
+ }
+ }
+}
+
diff --git a/data/nomad/pasta.nomad b/data/nomad/pasta.nomad
new file mode 100644
index 0000000..ef1656c
--- /dev/null
+++ b/data/nomad/pasta.nomad
@@ -0,0 +1,70 @@
+job "pasta" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "pasta" {
+ count = 1
+
+ restart {
+ attempts = 5
+ delay = "15s"
+ }
+
+ network {
+ port "backend" {
+ to = 3000
+ }
+ port "client" {
+ to = 80
+ }
+ }
+
+ # PASTA SERVER
+ task "pasta-server" {
+ driver = "docker"
+
+ env {
+ PASTA_PORT = "3000"
+ PASTA_DIR = "/pasta"
+ }
+
+ config {
+ image = "marc.sastre.cat/pasta-server"
+ ports = ["backend"]
+ volumes = ["/mnt/vatnajokull/nomad_volumes/pasta:/pasta"]
+ }
+
+ resources {
+ cpu = 100
+ memory = 256
+ }
+
+ service {
+ name = "pasta-server"
+ port = "backend"
+ }
+ }
+
+ # PASTA CLIENT
+ task "pasta-client" {
+ driver = "docker"
+
+ config {
+ image = "marc.sastre.cat/pasta-client"
+ ports = ["client"]
+ }
+
+ resources {
+ cpu = 50
+ memory = 32
+ }
+
+ service {
+ name = "pasta-client"
+ port = "client"
+ }
+ }
+ }
+}
+
diff --git a/data/nomad/presencia.nomad b/data/nomad/presencia.nomad
new file mode 100644
index 0000000..a2964b9
--- /dev/null
+++ b/data/nomad/presencia.nomad
@@ -0,0 +1,41 @@
+job "presencia" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "presencia" {
+ count = 1
+
+ restart {
+ attempts = 5
+ delay = "15s"
+ }
+
+ network {
+ port "http" {
+ to = 5000
+ }
+ }
+
+ # PRESENCIA APP
+ task "presencia" {
+ driver = "docker"
+
+ config {
+ image = "marc.sastre.cat/presencia"
+ ports = ["http"]
+ }
+
+ resources {
+ cpu = 50
+ memory = 64
+ }
+
+ service {
+ name = "presencia"
+ port = "http"
+ }
+ }
+ }
+}
+
diff --git a/data/nomad/registry.nomad b/data/nomad/registry.nomad
new file mode 100644
index 0000000..ad31058
--- /dev/null
+++ b/data/nomad/registry.nomad
@@ -0,0 +1,52 @@
+job "registry" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "registry" {
+ count = 1
+
+ restart {
+ attempts = 5
+ delay = "1m"
+ }
+
+ network {
+ port "http" {
+ to = 5000
+ }
+ }
+
+ task "registry" {
+ driver = "docker"
+
+ env {
+ REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY = "/data"
+ }
+
+ config {
+ image = "registry:2"
+ ports = ["http"]
+ volumes = ["/mnt/vatnajokull/nomad_volumes/registry:/data"]
+ }
+
+ resources {
+ cpu = 100
+ memory = 256
+ }
+
+ service {
+ name = "registry"
+ port = "http"
+
+ check {
+ type = "tcp"
+ port = "http"
+ interval = "30s"
+ timeout = "2s"
+ }
+ }
+ }
+ }
+}
+
diff --git a/data/nomad/webhooks.nomad b/data/nomad/webhooks.nomad
new file mode 100644
index 0000000..608511f
--- /dev/null
+++ b/data/nomad/webhooks.nomad
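Review bot: The `registry` task in registry.nomad starts `registry:2` with only `REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY` set, so the registry itself performs no authentication. Several jobs in this commit pull `marc.sastre.cat/...` images, which suggests this registry sits behind the public proxy (the Caddyfile is not part of the diff, so this is inferred); if pushes are not gated there, the images the cluster later runs are not protected against replacement. Either enforce authentication for write requests at the proxy or enable the registry's own, e.g. `REGISTRY_AUTH = "htpasswd"` with `REGISTRY_AUTH_HTPASSWD_REALM` and `REGISTRY_AUTH_HTPASSWD_PATH` pointing at a file delivered as a secret.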
@@ -0,0 +1,52 @@
+job "webhooks" {
+ region = "global"
+ datacenters = ["samfelag"]
+ type = "service"
+
+ group "webhooks" {
+ count = 1
+
+ restart {
+ attempts = 5
+ delay = "1m"
+ }
+
+ network {
+ port "http" {
+ to = 6000
+ }
+ }
+
+ task "webhooks" {
+ driver = "docker"
+
+ env {
+ CONFIG_FILE = "/app/data/config.json"
+ }
+
+ config {
+ image = "marc.sastre.cat/webhooks:latest"
+ ports = ["http"]
+ volumes = ["/mnt/vatnajokull/nomad_volumes/webhooks:/app/data"]
+ }
+
+ resources {
+ cpu = 100
+ memory = 128
+ }
+
+ service {
+ name = "webhooks"
+ port = "http"
+
+ check {
+ type = "tcp"
+ port = "http"
+ interval = "30s"
+ timeout = "2s"
+ }
+ }
+ }
+ }
+}
+
diff --git a/modules/server/nomad.nix b/modules/server/nomad.nix
index 7c2ae74..1aae9fe 100644
--- a/modules/server/nomad.nix
+++ b/modules/server/nomad.nix
@@ -47,11 +47,11 @@ in }; }; - # --- Secrets --------------------------------- - age.secrets = { "nomad.d/consul-token.json" = { - file = ../../secrets/nomad.d/consul-token.json.age; + file = if cfg.server + then ../../secrets/nomad.d/consul-token-server.json.age + else ../../secrets/nomad.d/consul-token-client.json.age; mode = "644"; }; };
diff --git a/secrets/consul.d/agent-token-reykjavik.json.age b/secrets/consul.d/agent-token-reykjavik.json.age
index 67b1845..c99c78b 100644
Binary files a/secrets/consul.d/agent-token-reykjavik.json.age and b/secrets/consul.d/agent-token-reykjavik.json.age differ
diff --git a/secrets/consul.d/agent-token-thingvellir.json.age b/secrets/consul.d/agent-token-thingvellir.json.age
index 1a94b60..f93970f 100644
Binary files a/secrets/consul.d/agent-token-thingvellir.json.age and b/secrets/consul.d/agent-token-thingvellir.json.age differ
diff --git a/secrets/consul.d/consul-agent-ca-key.pem.age b/secrets/consul.d/consul-agent-ca-key.pem.age
index de605f7..e44dae8 100644
--- a/secrets/consul.d/consul-agent-ca-key.pem.age
+++ b/secrets/consul.d/consul-agent-ca-key.pem.age
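Review bot: In modules/server/nomad.nix the Consul token is still decrypted with `mode = "644"`, which leaves the plaintext file readable by every local account on the host. With this change the server nodes receive their own, presumably more privileged, token, so the loose mode matters more than before. Restrict the file to the account Nomad runs as, e.g. `mode = "400";` together with `owner = "<NOMAD_USER>";` (placeholder; the service user is not visible in this hunk). The surrounding module begins and ends outside the hunk, so other `age.secrets` entries may need the same check.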
@@ -1,6 +1,6 @@ age-encryption.org/v1 --> ssh-ed25519 GWuf0Q MD7uGzKIk90mRQJVI/HKk9MMbI3HwkwwKEoLc/R8qyQ -m2K5DUI+O+ufDWl1faCwR+9nA8vxAQW5pptwgEhzMJI ---- JkkPxFdtVCa3MQqLCpJ7GBajuyQAyHjwr6fbCV81qdA -6JJ7DYb@3z9WnC R4H-Қ {Fo -ZJ -JDa~DLy\rEGAbfj`!Sfi+w4fA1ye2`L>%'o"'hԵ;3ZHPa @ΊO0[VI|5cSȗ#3U2|,+Z2BaX*0qRglPz5D*#m \ No newline at end of file +-> ssh-ed25519 GWuf0Q UGRQaYwj+drn/22AfMDMKsoO0APyZA0Q7KychsCafUs +STKHeUzgmNHQBzoAxzA37QNTHWiFFu+CqwPw8pKfRd0 +--- VHt9chFlFpduvg0IMozIiFr3cfTBtxke2TeZBaZakEg +V 'SAL|5I֊T&uTiSKYA!Jws[@d٩"%Xo.J-OWajBQ{g VD>)wÎ[BF|o(m6bERs?럓!|b‡an߂6>;KNC')gK"C4 +)f#~riF@den89 uM紖T5tD<_zp: \ No newline at end of file diff --git a/secrets/consul.d/consul-agent-ca.pem.age b/secrets/consul.d/consul-agent-ca.pem.age index fffbeef..e0a9c40 100644 Binary files a/secrets/consul.d/consul-agent-ca.pem.age and b/secrets/consul.d/consul-agent-ca.pem.age differ diff --git a/secrets/consul.d/gossip.json.age b/secrets/consul.d/gossip.json.age index f57e3dc..1983204 100644 Binary files a/secrets/consul.d/gossip.json.age and b/secrets/consul.d/gossip.json.age differ diff --git a/secrets/consul.d/samfelag-server-thingvellir-key.pem.age b/secrets/consul.d/samfelag-server-thingvellir-key.pem.age index d090129..3cd812f 100644 Binary files a/secrets/consul.d/samfelag-server-thingvellir-key.pem.age and b/secrets/consul.d/samfelag-server-thingvellir-key.pem.age differ diff --git a/secrets/consul.d/samfelag-server-thingvellir.pem.age b/secrets/consul.d/samfelag-server-thingvellir.pem.age index 0fed769..ec77a94 100644 Binary files a/secrets/consul.d/samfelag-server-thingvellir.pem.age and b/secrets/consul.d/samfelag-server-thingvellir.pem.age differ diff --git a/secrets/nomad.d/consul-token-client.json.age b/secrets/nomad.d/consul-token-client.json.age new file mode 100644 index 0000000..d6a24b6 Binary files /dev/null and b/secrets/nomad.d/consul-token-client.json.age differ 
diff --git a/secrets/nomad.d/consul-token-server.json.age b/secrets/nomad.d/consul-token-server.json.age new file mode 100644 index 0000000..0bdb95a --- /dev/null +++ b/secrets/nomad.d/consul-token-server.json.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 GWuf0Q 4t1WD76CN3hhc3073abxAsobKWKDX+yemaIxHy8PiDk +9O2cAi7MJVqGiTNnOIez4MACEYMB3/YyLSz4Z4YWe2c +-> ssh-ed25519 kNjiNQ WaXpqZbqRuLo9q241VclrLfHOQ94VRB8D0RY2es8KBM +P6iayA+emjHOEg59EzXU32RCRKZaGS0j7d3wk4Is6tQ +--- QsnjyrQe2d1K59Q/i3/NIXaK87rsDf4neQS5sKJ6yeY +&8"ڨ?4 ? +$!Yju*8cDC!" |hV9N>lvDH1V2 XCA'!-kрBˡ \ No newline at end of file diff --git a/secrets/nomad.d/consul-token.json.age b/secrets/nomad.d/consul-token.json.age deleted file mode 100644 index 1c50fc6..0000000 --- a/secrets/nomad.d/consul-token.json.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 GWuf0Q /XcgfDBTfuPwmHppIuebKrUG7kwyWvwvV9s4Uz8F5Vc -T9a+SfUQljNue/MuLGYM88RdeL//HFHVi73h1HIxKR8 --> ssh-ed25519 zhVGHw TzasXNF1RyeJm0AJh+bKo0+8jJUeTdL38/YpfX96cDU -hHgwS5htLLV9gXBlUtyszaLQtDB5dGUc3qmWSOmSt1E --> ssh-ed25519 kNjiNQ a3ZzkIGDlAMvEUTXikMteCe969a/qxKog1KdLCmYxBY -F+sGFzXnv5SYjvI79xf0yw5Qx6azIdt9EAd6A0Fc5wg ---- EB4QDFEC5bbpBEUq5r1lvlnk2g5yV4wrTAIOM30F50Q -;Cs?Q\sqrb;BXnI%Xqx JU:KQtAzX;x* kfK0V-n/P \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 8859936..3d65e62 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -30,5 +30,6 @@ in "consul.d/agent-token-thingvellir.json.age".publicKeys = thingvellir; # -- Nomad ------------------------------- - "nomad.d/consul-token.json.age".publicKeys = samfelag-hosts; + "nomad.d/consul-token-client.json.age".publicKeys = samfelag-hosts; + "nomad.d/consul-token-server.json.age".publicKeys = thingvellir; }