28 lines
951 B
Text
28 lines
951 B
Text
|
#!/usr/bin/env bash
|
||
|
|
||
|
echo "Don't forget to run the wireguard job first";
|
||
|
|
||
|
# Sort out log rotation
|
||
|
COPY "${JOBFILE_DIR}/wesher.logrotate" "/tmp/wesher.logrotate"
|
||
|
RUN "sudo mv /tmp/wesher.logrotate /etc/logrotate.d/wesher"
|
||
|
RUN "sudo chown root:root /etc/logrotate.d/wesher"
|
||
|
|
||
|
RUN "sudo apt-get update";
|
||
|
|
||
|
RUN "sudo apt-get install --yes wesher wesher-systemd";
|
||
|
|
||
|
RUN "sudo ufw allow 7946 comment wesher-gossip";
|
||
|
RUN "sudo ufw allow 51820/udp comment wesher-wireguard";
|
||
|
|
||
|
# Allow all traffic from the VPN; we don't actually know what ports Nomad will use
|
||
|
RUN "sudo ufw allow in on wgoverlay";
|
||
|
|
||
|
# Activate the new logging system
|
||
|
RUN "sudo systemctl restart logrotate"
|
||
|
|
||
|
# See the Keepass entry in our database for copy-paste commands to join nodes.
|
||
|
# Basically:
|
||
|
# sudo wesher --cluster-key CLUSTER_KEY_HERE --join 172.16.230.100 --overlay-net 172.31.250.0/16 --log-level info
|
||
|
# sudo systemctl enable --now wesher.service
|
||
|
# sudo systemctl status wesher.service
|