24 lines
957 B
Bash
Executable file
24 lines
957 B
Bash
Executable file
#!/usr/bin/env bash
|
|
|
|
wesher_secret="$(ask_password "wesher configuration" "Enter the wesher shared secret:")";
|
|
|
|
wesher_join_ip="$(ask_text "wesher configuration" "Enter an IP of a host in the cluster to join:")";
|
|
|
|
queue_apt_install "raspberrypi-kernel-headers" "wireguard" "wesher" "wesher-systemd";
|
|
|
|
|
|
queue_postinstall_step "10-wesher.sh";
|
|
|
|
queue_firewall_rule allow 7946 comment wesher-gossip;
|
|
queue_firewall_rule allow 51820/udp comment wesher-wireguard;
|
|
# Allow all traffic from the VPN; we don't actually know what ports Nomad will use
|
|
queue_firewall_rule allow in on wgoverlay;
|
|
|
|
|
|
# See the Keepass entry in our database for copy-paste commands to join nodes.
|
|
# Basically:
|
|
# sudo wesher --cluster-key CLUSTER_KEY_HERE --join 172.16.230.100 --overlay-net 172.31.250.0/16 --log-level info
|
|
# sudo systemctl enable --now wesher.service
|
|
# sudo systemctl status wesher.service
|
|
#
|
|
# This is all automated now thanks to this script andit's postinstall cousin.
|