This gist describes how to set up a new machine running coreos.
ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa_kartoza99
Get the public key:
# | |
# Name: nginx-tls.conf | |
# Auth: Gavin Lloyd <gavinhungry@gmail.com> | |
# Desc: Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating | |
# | |
# Enables HTTP/2, PFS, HSTS and OCSP stapling. Configuration options not related | |
# to SSL/TLS are not included here. | |
# | |
# Additional tips: | |
# |
LVM on LUKS Arch installation with systemd-boot
Sources:
Note: If you want a simpler encryption setup (with LUKS only), you can instead use the archinstall "guided" installer included with Arch since April 2021.
# Shortcuts | |
alias ..='cd ..' | |
alias l='ls' | |
alias ll='ls -al' | |
alias la='ls -A' |
When setting these options consider the following:
sudo grep max_children /var/log/php?.?-fpm.log.1 /var/log/php?.?-fpm.log
# Ansible Tower database settings. | |
''' | |
This is for a Tower instance using a remote postgresql database. | |
Lines from ATOMIC_REQUESTS to PORT are default settings | |
CONN_MAX_AGE and OPTIONS dict are added in | |
This change seemingly allows Tower to re-use its database connections, | |
which can MASSIVELY reduce CPU load if running very verbose playbooks. | |
Currently no real downsides noticed | |
''' |
#!/bin/bash | |
LOCATION=${HCLOUD_LOCATION:-nbg1-dc3} | |
if [ -z "$HCLOUD_TOKEN" ]; then | |
echo "You need to set HCLOUD_TOKEN to an Hetzner API token!"; | |
exit 1 | |
fi | |
if [ -z "$SSH_KEY" ]; then |
The following settings are provided as an example how longhorn should be configured in a production cluster, especially if it is deployed on Hetzner Cloud infrastructure.
Hetzner server nodes provide local storage and allow up to five attached volumes (with a size of up to 10TiB each) Local storage is provided by NVMe storage and therefore is much faster than the attached volumes, but limited in size (max 300GiB usable).
It is assumed that the cluster creation is already done, e.g. via terraform scripts provided by the great kube-hetzner project.