Temp repo for Bagel-baking infrastructure
Raito Bezarius 75afd39d3b feat(pki): init the root CA
This is our first CA, stored on an offline NitroHSM held by Raito.
Expiry date is set in 3650 days.

This was initialized at 38C3 on day 4, in the presence of:

- 4 witnesses
- 3 board members

This was not backed up on the same day to other HSMs.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-30 17:22:25 +01:00
common chore: introduce finer-grained baremetal management 2024-12-23 21:30:38 +01:00
dashboards feat(grafana): plug jsonnet-based dashboards in provisioning 2024-08-24 16:32:21 +02:00
hosts chore: introduce finer-grained baremetal management 2024-12-23 21:30:38 +01:00
lib chore: reformat properly the library file 2024-12-23 21:43:22 +01:00
overlays fix: pin pyroscope to go 1.22 2024-11-12 23:16:46 +03:00
pki feat(pki): init the root CA 2024-12-30 17:22:25 +01:00
secrets feat: listen on Gerrit events and rewrite them as generic VCS events 2024-12-16 01:25:53 +01:00
services chore: introduce finer-grained baremetal management 2024-12-23 21:30:38 +01:00
terraform feat(terraform/vault/pki): init 2024-12-30 17:22:25 +01:00
.editorconfig editorconfig: init 2024-07-13 01:10:18 +00:00
.envrc chore: add lorri to prevent direnv from blocking, closes #147 2024-10-27 09:42:11 +00:00
.gitignore gitignore: add secrets (but not encrypted secrets) to gitignore 2024-07-15 11:02:54 +00:00
flake.lock chore(gerrit): go back to refs/heads/main 2024-12-29 17:39:54 +01:00
flake.nix chore(gerrit): go back to refs/heads/main 2024-12-29 17:39:54 +01:00
LICENSE Initial commit 2024-06-23 06:41:53 +02:00
README.md docs(README.md): explain how to deploy things 2024-10-06 08:09:53 +00:00
secrets.nix feat: listen on Gerrit events and rewrite them as generic VCS events 2024-12-16 01:25:53 +01:00

Infrastructure for the donut shaped thing that is absolutely not a donut.

Quick start

Build the infrastructure

$ colmena build --on @localboot

Note that @localboot is load-bearing, as we have some machines that cannot be deployed with vanilla Colmena. Fixes for this are welcome.

$ colmena apply dry-activate $machine # Verify that the nvd log is reasonable.
$ colmena apply $machine
$ nix flake update
$ colmena apply dry-activate --on @localboot # Verify that the nvd log is reasonable. Run it twice to get only NVD logs shown.
$ colmena apply --on @localboot

Troubleshooting

I failed to deploy gerrit01

Our Gerrit source build is known to have hiccups sometimes. We are always interested in build logs, so feel free to attach information in a new issue so we can make it more reliable.