cluster-deployment/jobs/wesher/wesher.job

28 lines
951 B
Text
Raw Normal View History

#!/usr/bin/env bash
echo "Don't forget to run the wireguard job first";
# Sort out log rotation
COPY "${JOBFILE_DIR}/wesher.logrotate" "/tmp/wesher.logrotate"
RUN "sudo mv /tmp/wesher.logrotate /etc/logrotate.d/wesher"
RUN "sudo chown root:root /etc/logrotate.d/wesher"
RUN "sudo apt-get update";
RUN "sudo apt-get install --yes wesher wesher-systemd";
RUN "sudo ufw allow 7946 comment wesher-gossip";
RUN "sudo ufw allow 51820/udp comment wesher-wireguard";
# Allow all traffic from the VPN; we don't actually know what ports Nomad will use
RUN "sudo ufw allow in on wgoverlay";
# Activate the new logging system
RUN "sudo systemctl restart logrotate"
# See the Keepass entry in our database for copy-paste commands to join nodes.
# Basically:
# sudo wesher --cluster-key CLUSTER_KEY_HERE --join 172.16.230.100 --overlay-net 172.31.250.0/16 --log-level info
# sudo systemctl enable --now wesher.service
# sudo systemctl status wesher.service