Temp repo for Bagel-baking infrastructure https://hydra.forkos.org/project/infra
Raito Bezarius a45a9e1232 terraform/afnix-superadmin/keycloak/zulip: init
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2025-08-27 02:36:52 +02:00
common vm/afnix-ovh-lim-hv01/afnix-zulip01: init 2025-08-27 02:36:52 +02:00
dashboards feat(grafana): plug jsonnet-based dashboards in provisioning 2024-08-24 16:32:21 +02:00
dnscontrol vm/afnix-ovh-lim-hv01/afnix-zulip01: init 2025-08-27 02:36:52 +02:00
hosts build-coord: move floral->afnix tenancy 2025-08-23 19:57:21 +00:00
lib flake: use flake-parts and simplify(?) 2025-02-17 22:02:12 +01:00
netboot/arm64 feat: introduce ARM64 baremetal nodes 2025-02-12 22:30:45 +01:00
overlays pkgs/besadii: support regexes for target branches 2025-07-25 00:40:03 +00:00
pki feat(systems): trust our infra chain on all systems 2025-01-01 03:43:13 +01:00
secrets vm/afnix-ovh-lim-hv01/afnix-zulip01: init 2025-08-27 02:36:52 +02:00
services baremetal/native-vm: add vmlib.getInterfaceName to obtain interface names 2025-08-27 02:36:52 +02:00
terraform terraform/afnix-superadmin/keycloak/zulip: init 2025-08-27 02:36:52 +02:00
vm vm/afnix-ovh-lim-hv01/afnix-zulip01: init 2025-08-27 02:36:52 +02:00
.editorconfig editorconfig: init 2024-07-13 01:10:18 +00:00
.envrc chore: add lorri to prevent direnv from blocking, closes #147 2024-10-27 09:42:11 +00:00
.gitattributes feat(secrets): flag .age secret blobs as binary 2025-02-25 17:30:56 +01:00
.gitignore gitignore: fix exclusion pattern for per-tenant secrets 2025-07-30 14:03:47 +02:00
baremetal-nodes.nix flake: use flake-parts and simplify(?) 2025-02-17 22:02:12 +01:00
builders.nix hydra: configure machines via /etc 2025-03-23 00:48:10 +01:00
colmena.nix flake: use flake-parts and simplify(?) 2025-02-17 22:02:12 +01:00
default.nix feat: sign the ICA1 CSR 2024-12-31 17:50:23 +01:00
flake.lock vm/afnix-ovh-lim-hv01/lix-zulip01: init 2025-08-27 02:36:52 +02:00
flake.nix vm/afnix-ovh-lim-hv01/lix-zulip01: init 2025-08-27 02:36:52 +02:00
LICENSE Initial commit 2024-06-23 06:41:53 +02:00
README.md docs(dns): add small section to README 2025-05-09 10:26:00 +02:00
secrets.nix vm/afnix-ovh-lim-hv01/afnix-zulip01: init 2025-08-27 02:36:52 +02:00

Infrastructure for the donut shaped thing that is absolutely not a donut.

Quick start

Enter our dev-shell for things like our colmena wrapper, secrets helper and required binaries:

$ nix develop

Build the infrastructure

$ colmena build --on @localboot

Note that @localboot is load-bearing, as some of our machines cannot be deployed with vanilla Colmena. Fixes for this are welcome.

$ colmena apply dry-activate $machine # Verify that the nvd log is reasonable.
$ colmena apply $machine
$ nix flake update
$ colmena apply dry-activate --on @localboot # Verify that the nvd log is reasonable. Run it twice to get only NVD logs shown.
$ colmena apply --on @localboot

Deploy the Terraform infrastructure

$ vault-login
$ eval "$(get-secrets)"
$ nix run .#tf -- plan # Vanilla Terraform from there.
$ nix run .#tf -- apply

Make changes to DNS via dnscontrol

$ vault-login
$ eval "$(get-secrets)"
$ cd dnscontrol
$ dnscontrol preview # preview the changes without applying them
$ dnscontrol push # apply changes

Troubleshooting

I failed to deploy gerrit01

Our Gerrit source build is known to have occasional hiccups. We are always interested in build logs, so feel free to attach them to a new issue to help us make the build more reliable.

get-secrets fails

Are you a floral-admin? If not, please get in touch with one of the superadmins.