fix(ingress.tjo.cloud): enable services once ready
Some checks failed
/ lint (push) Has been cancelled
Some checks failed
/ lint (push) Has been cancelled
This commit is contained in:
parent
4a0b589859
commit
1e4407dda0
SSH key fingerprint:
SHA256:MNtTsLbihYaWF8j1fkOHfkKNlnN1JQfxEU/rBU8nCGw
2 changed files with 8 additions and 7 deletions
|
|
@ -59,10 +59,6 @@ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.tailscale-keyring.list
|
||||||
apt update -y
|
apt update -y
|
||||||
apt install -y tailscale
|
apt install -y tailscale
|
||||||
|
|
||||||
##
|
|
||||||
echo "== Ensure services are enabled"
|
|
||||||
systemctl enable --now nginx alloy tailscaled dydns
|
|
||||||
|
|
||||||
##
|
##
|
||||||
echo "== Configure Grafana Alloy"
|
echo "== Configure Grafana Alloy"
|
||||||
cp -r root/etc/alloy/* /etc/alloy/
|
cp -r root/etc/alloy/* /etc/alloy/
|
||||||
|
|
@ -78,6 +74,7 @@ echo "OTEL_RESOURCE_ATTRIBUTES=${ATTRIBUTES}" >>/etc/default/alloy
|
||||||
echo "alloy_username=${SERVICE_ACCOUNT_USERNAME}"
|
echo "alloy_username=${SERVICE_ACCOUNT_USERNAME}"
|
||||||
echo "alloy_password=${SERVICE_ACCOUNT_PASSWORD}"
|
echo "alloy_password=${SERVICE_ACCOUNT_PASSWORD}"
|
||||||
} >>/etc/default/alloy
|
} >>/etc/default/alloy
|
||||||
|
systemctl enable --now alloy
|
||||||
systemctl restart alloy
|
systemctl restart alloy
|
||||||
|
|
||||||
##
|
##
|
||||||
|
|
@ -87,10 +84,12 @@ cp -r root/etc/default/dydns /etc/default/dydns
|
||||||
echo "DIGITALOCEAN_TOKEN=${DIGITALOCEAN_TOKEN}"
|
echo "DIGITALOCEAN_TOKEN=${DIGITALOCEAN_TOKEN}"
|
||||||
echo "NAME=${CLOUD_REGION}"
|
echo "NAME=${CLOUD_REGION}"
|
||||||
} >>/etc/default/dydns
|
} >>/etc/default/dydns
|
||||||
|
systemctl enable --now dydns
|
||||||
systemctl restart dydns
|
systemctl restart dydns
|
||||||
|
|
||||||
##
|
##
|
||||||
echo "== Configure Tailscale"
|
echo "== Configure Tailscale"
|
||||||
|
systemctl enable --now tailscaled
|
||||||
if tailscale status --json | jq -e -r '.BackendState != "Running"' >/dev/null; then
|
if tailscale status --json | jq -e -r '.BackendState != "Running"' >/dev/null; then
|
||||||
tailscale up \
|
tailscale up \
|
||||||
--ssh=true \
|
--ssh=true \
|
||||||
|
|
@ -134,4 +133,5 @@ systemctl enable ufw
|
||||||
echo "== Configure NGINX"
|
echo "== Configure NGINX"
|
||||||
cp assets/dbip-city-lite-2023-07.mmdb /var/geoip.mmdb
|
cp assets/dbip-city-lite-2023-07.mmdb /var/geoip.mmdb
|
||||||
cp -r root/etc/nginx/* /etc/nginx/
|
cp -r root/etc/nginx/* /etc/nginx/
|
||||||
|
systemctl enable --now nginx
|
||||||
systemctl reload nginx
|
systemctl reload nginx
|
||||||
|
|
|
||||||
|
|
@ -48,10 +48,11 @@ provision-only node:
|
||||||
pushd {{source_directory()}}/terraform > /dev/null
|
pushd {{source_directory()}}/terraform > /dev/null
|
||||||
NODES=$(tofu output -json | jq -r '.nodes.value[]')
|
NODES=$(tofu output -json | jq -r '.nodes.value[]')
|
||||||
popd > /dev/null
|
popd > /dev/null
|
||||||
|
|
||||||
for NODE in $NODES
|
for NODE in $NODES
|
||||||
do
|
do
|
||||||
if [ "$NODE" -eq "{{node}}" ]
|
if [ "$NODE" = "{{node}}-ingress-tjo-cloud" ]
|
||||||
|
then
|
||||||
echo "= Provisioning node ${NODE}"
|
echo "= Provisioning node ${NODE}"
|
||||||
cat install.sh | tailscale ssh ubuntu@${NODE} 'sudo bash -s'
|
cat install.sh | tailscale ssh ubuntu@${NODE} 'sudo bash -s'
|
||||||
fi
|
fi
|
||||||
|
|
@ -80,4 +81,4 @@ update-blocked-list:
|
||||||
echo "#!!DO NOT EDIT!! Generated by using just ingress-blocked-list command." > root/etc/nginx/partials/blocked.conf
|
echo "#!!DO NOT EDIT!! Generated by using just ingress-blocked-list command." > root/etc/nginx/partials/blocked.conf
|
||||||
for ip in $IP_RANGES; do
|
for ip in $IP_RANGES; do
|
||||||
echo "deny $ip;" >> root/etc/nginx/partials/blocked.conf
|
echo "deny $ip;" >> root/etc/nginx/partials/blocked.conf
|
||||||
done
|
done
|
||||||
Loading…
Reference in a new issue