the-distro/infra
9
0
Fork 5
Code Issues 39 Pull requests 6 Projects 1 Releases Packages Wiki Activity
Temp repo for Bagel-baking infrastructure
431 commits 27 branches 0 tags 3.1 MiB
Nix 89.9%
Python 4.9%
JavaScript 2%
Shell 2%
Smarty 1.2%
Find a file
Raito Bezarius c9aa82ba49 feat(terraform): support declarative subCAs and their Vault policies 
We can now derive an infinite amount of subCAs as long as we do not
violate extensions constraints.

Additionally, we can build Vault policies specific to the PKI endpoint
without encoding the mountpoints.

Additionally, we can build Vault roles specific to the PKI endpoint
without encoding the mountpoints.

This adds an example of deep-derivation.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2025-01-01 01:54:37 +01:00
common chore: introduce finer-grained baremetal management 2024-12-23 21:30:38 +01:00
dashboards feat(grafana): plug jsonnet-based dashboards in provisioning 2024-08-24 16:32:21 +02:00
hosts chore: introduce finer-grained baremetal management 2024-12-23 21:30:38 +01:00
lib chore: reformat properly the library file 2024-12-23 21:43:22 +01:00
overlays fix: pin pyroscope to go 1.22 2024-11-12 23:16:46 +03:00
pki feat: sign the ICA1 CSR 2024-12-31 17:50:23 +01:00
secrets feat: listen on Gerrit events and rewrite them as generic VCS events 2024-12-16 01:25:53 +01:00
services chore: introduce finer-grained baremetal management 2024-12-23 21:30:38 +01:00
terraform feat(terraform): support declarative subCAs and their Vault policies 2025-01-01 01:54:37 +01:00
.editorconfig editorconfig: init 2024-07-13 01:10:18 +00:00
.envrc chore: add lorri to prevent direnv from blocking, closes #147 2024-10-27 09:42:11 +00:00
.gitignore gitignore: add secrets (but not encrypted secrets) to gitignore 2024-07-15 11:02:54 +00:00
default.nix feat: sign the ICA1 CSR 2024-12-31 17:50:23 +01:00
flake.lock chore: rewire everything to a single flake-compat 2024-12-31 17:37:22 +01:00
flake.nix feat(terraform): support declarative subCAs and their Vault policies 2025-01-01 01:54:37 +01:00
LICENSE Initial commit 2024-06-23 06:41:53 +02:00
README.md docs(README.md): explain how to deploy things 2024-10-06 08:09:53 +00:00
secrets.nix feat: listen on Gerrit events and rewrite them as generic VCS events 2024-12-16 01:25:53 +01:00

README.md

Infrastructure for the donut shaped thing that is absolutely not a donut.

Quick start

Build the infrastructure

$ colmena build --on @localboot

Notice that @localboot is load-bearing as we have some machines that cannot be deployed with vanilla Colmena. Fixing this is welcome.

Recommended deploy process

$ colmena apply dry-activate $machine # Verify that the nvd log is reasonable.
$ colmena apply $machine

Recommended upgrade process

$ nix flake update
$ colmena apply dry-activate --on @localboot # Verify that the nvd log is reasonable. Run it twice to get only NVD logs shown.
$ colmena apply --on @localboot

Troubleshooting

I failed to deploy gerrit01

Our Gerrit source build is known to have some hiccups sometimes, we are always interested in build logs, feel free to attach information in a new issue so we can make it more reliable.