Temp repo for Bagel-baking infrastructure
Raito Bezarius 27e17b3f34 fix(terraform/vault/sub-ca): policy path calculation requires path resource IDs
It's impossible to recover the path resource IDs from the Terraform
resource IDs form.

Let's just add the path component and do the right thing.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2025-01-02 18:39:43 +01:00
common feat(systems): trust our infra chain on all systems 2025-01-01 03:43:13 +01:00
dashboards feat(grafana): plug jsonnet-based dashboards in provisioning 2024-08-24 16:32:21 +02:00
hosts feat(hosts/bagel-box): enable secrets-agent on this machine 2025-01-02 18:39:43 +01:00
lib chore: reformat properly the library file 2024-12-23 21:43:22 +01:00
overlays fix: pin pyroscope to go 1.22 2024-11-12 23:16:46 +03:00
pki feat(systems): trust our infra chain on all systems 2025-01-01 03:43:13 +01:00
secrets feat(secrets): init the bagel-box vault token 2025-01-02 18:39:43 +01:00
services feat(hosts/bagel-box): enable secrets-agent on this machine 2025-01-02 18:39:43 +01:00
terraform fix(terraform/vault/sub-ca): policy path calculation requires path resource IDs 2025-01-02 18:39:43 +01:00
.editorconfig editorconfig: init 2024-07-13 01:10:18 +00:00
.envrc chore: add lorri to prevent direnv from blocking, closes #147 2024-10-27 09:42:11 +00:00
.gitignore gitignore: add secrets (but not encrypted secrets) to gitignore 2024-07-15 11:02:54 +00:00
default.nix feat: sign the ICA1 CSR 2024-12-31 17:50:23 +01:00
flake.lock feat(systems): inject systemd-openbao project 2025-01-01 03:43:13 +01:00
flake.nix feat(systems): inject systemd-openbao project 2025-01-01 03:43:13 +01:00
LICENSE Initial commit 2024-06-23 06:41:53 +02:00
README.md docs(README.md): explain how to deploy things 2024-10-06 08:09:53 +00:00
secrets.nix feat(secrets): init the bagel-box vault token 2025-01-02 18:39:43 +01:00

Infrastructure for the donut shaped thing that is absolutely not a donut.

Quick start

Build the infrastructure

$ colmena build --on @localboot

Note that @localboot is load-bearing: some of our machines cannot be deployed with vanilla Colmena. Fixes for this are welcome.

$ colmena apply dry-activate $machine # Verify that the nvd log is reasonable.
$ colmena apply $machine
$ nix flake update
$ colmena apply dry-activate --on @localboot # Verify that the nvd log is reasonable. Run it twice to get only NVD logs shown.
$ colmena apply --on @localboot

Troubleshooting

I failed to deploy gerrit01

Our Gerrit source build is known to hiccup occasionally. We are always interested in build logs, so feel free to attach information in a new issue so that we can make the build more reliable.