DGNum/infrastructure
9
6
Fork 3
Code Issues 31 Pull requests 32 Projects 1 Releases Packages Wiki Activity Actions

WIP: feat(infra): introduce Terranix #145

Draft
rlahfa wants to merge 5 commits from declarative-buckets into main
pull from: declarative-buckets
merge into: DGNum:main
Conversation 3 Commits 5 Files changed 11 +279 -4
rlahfa commented 2024-10-10 12:29:00 +02:00
Owner
Copy link

TODO:

  • expose s3-admin.dgnum.eu
  • make a mechanism to source the credentials for admin and manage rekeying à la agenix
  • import various secrets manually in the state bucket (e.g. admin token)

Blocker: garage_key_bucket and garage_global_alias cannot be imported via our provider, I need to fix this and maybe also fix automatic refresh.

Signed-off-by: Ryan Lahfa ryan@dgnum.eu

TODO: - [x] expose s3-admin.dgnum.eu - [x] make a mechanism to source the credentials for admin and manage rekeying à la agenix - [x] import various secrets manually in the state bucket (e.g. admin token) Blocker: garage_key_bucket and garage_global_alias cannot be imported via our provider, I need to fix this and maybe also fix automatic refresh. Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
rlahfa changed title from feat(infra): introduce Terranix to WIP:ù feat(infra): introduce Terranix 2024-10-10 12:29:44 +02:00
rlahfa changed title from WIP:ù feat(infra): introduce Terranix to WIP: feat(infra): introduce Terranix 2024-10-10 12:29:46 +02:00
thubrecht requested changes 2024-10-10 12:32:48 +02:00
default.nix Outdated
@ -67,9 +67,16 @@ let
commitizen.enable = true;
};
};
terranixConfig = import "${sources.terranix}/core" {
thubrecht commented 2024-10-10 12:30:22 +02:00
Owner
Copy link

Please add a newline

Please add a newline
rlahfa marked this conversation as resolved
default.nix Outdated
@ -70,3 +76,4 @@
in
{
inherit terranixConfigFile terranixConfig;
thubrecht commented 2024-10-10 12:30:51 +02:00
Owner
Copy link

Newline also after the inherit

Newline also after the inherit
rlahfa marked this conversation as resolved
terranix/state.nix Outdated
@ -0,0 +4,4 @@
# endpoints.
#
# Note: currently requires the user to provide AWS_ACCESS_KEY_ID as well as
# AWS_SECRET_ACCESS_KEY in their environment variables.
thubrecht commented 2024-10-10 12:32:41 +02:00
Owner
Copy link

TODO(one day): Add a .credentials directory, with age encrypted files that can be decrypted when entering the shell

TODO(one day): Add a .credentials directory, with age encrypted files that can be decrypted when entering the shell
rlahfa commented 2024-10-10 12:43:10 +02:00
Author
Owner
Copy link

let's do it now

let's do it now
rlahfa commented 2024-10-10 17:07:16 +02:00
Author
Owner
Copy link

done!

done!
rlahfa marked this conversation as resolved
terranix/state.nix Outdated
@ -0,0 +12,4 @@
bucket = "monorepo-terraform-state";
key = "state";
# It's just a dump Garage server, don't try to be smart.
thubrecht commented 2024-10-10 12:31:43 +02:00
Owner
Copy link

dumb*

dumb*
rlahfa marked this conversation as resolved
thubrecht reviewed 2024-10-10 12:34:09 +02:00
terranix/s3.nix Outdated
@ -0,0 +20,4 @@
};
};
garage_key = { };
garage_bucket_key = { };
thubrecht commented 2024-10-10 12:34:09 +02:00
Owner
Copy link

??

??
rlahfa commented 2024-10-10 12:42:52 +02:00
Author
Owner
Copy link

it's just to showcase how to use it

it's just to showcase how to use it
rlahfa commented 2024-10-10 12:43:02 +02:00
Author
Owner
Copy link

terraform won't delete things it doesn't know about FYI

terraform won't delete things it doesn't know about FYI
👍 1
thubrecht marked this conversation as resolved
rlahfa force-pushed declarative-buckets from ed50bab459 to 483bf93d26 2024-10-10 12:41:13 +02:00 Compare
rlahfa force-pushed declarative-buckets from 483bf93d26 to a1ace67cbd 2024-10-10 16:45:32 +02:00 Compare
rlahfa force-pushed declarative-buckets from a1ace67cbd to 0acececb31 2024-10-10 16:47:01 +02:00 Compare
rlahfa force-pushed declarative-buckets from 0acececb31 to d5e7ea14e7 2024-10-10 17:04:34 +02:00 Compare
rlahfa force-pushed declarative-buckets from d5e7ea14e7 to 2a89984ad6 2024-10-10 17:07:17 +02:00 Compare
rlahfa force-pushed declarative-buckets from 2a89984ad6 to a37d83c418 2024-10-10 17:30:58 +02:00 Compare
rlahfa force-pushed declarative-buckets from a37d83c418 to 5a14c63ba5 2024-10-10 17:53:06 +02:00 Compare
rlahfa force-pushed declarative-buckets from 5a14c63ba5 to 2ce8c125d4 2024-10-10 17:59:07 +02:00 Compare
thubrecht force-pushed declarative-buckets from 2ce8c125d4 to 822b4f3b83 2024-10-22 13:32:25 +02:00 Compare
thubrecht commented 2024-10-22 13:36:33 +02:00
Owner
Copy link

Ce serait tip top de rajouter un poil de documentation sur comment se servir de terraform

Ce serait tip top de rajouter un poil de documentation sur comment se servir de terraform
👍 1
rlahfa added the
awaiting
awaiting-author
 label 2024-12-15 20:24:07 +01:00
lbailly force-pushed declarative-buckets from 822b4f3b83 to 1351f13770 2025-05-18 16:13:22 +02:00 Compare
lbailly added 1 commit 2025-05-18 18:57:52 +02:00
style(shell/tf): better error management when reading creds environment
All checks were successful
Check meta / check_meta (pull_request) Successful in 16s
Details
Check meta / check_dns (pull_request) Successful in 17s
Details
Check workflows / check_workflows (pull_request) Successful in 18s
Details
Run pre-commit on all files / pre-commit (push) Successful in 28s
Details
Run pre-commit on all files / pre-commit (pull_request) Successful in 32s
Details
Build all the nodes / netaccess01 (pull_request) Successful in 25s
Details
Build all the nodes / ap01 (pull_request) Successful in 43s
Details
Build all the nodes / netcore01 (pull_request) Successful in 24s
Details
Build all the nodes / netcore00 (pull_request) Successful in 26s
Details
Build all the nodes / netcore02 (pull_request) Successful in 24s
Details
Build all the nodes / bridge01 (pull_request) Successful in 56s
Details
Build all the nodes / geo01 (pull_request) Successful in 1m0s
Details
Build all the nodes / geo02 (pull_request) Successful in 1m0s
Details
Build all the nodes / hypervisor03 (pull_request) Successful in 1m1s
Details
Build all the nodes / hypervisor01 (pull_request) Successful in 1m5s
Details
Build all the nodes / hypervisor02 (pull_request) Successful in 1m8s
Details
Build all the nodes / lab-router01 (pull_request) Successful in 1m7s
Details
Build all the nodes / iso (pull_request) Successful in 1m11s
Details
Build all the nodes / cof02 (pull_request) Successful in 1m14s
Details
Build all the nodes / build01 (pull_request) Successful in 1m15s
Details
Build all the nodes / compute01 (pull_request) Successful in 1m20s
Details
Build the shell / build-shell (pull_request) Successful in 24s
Details
Build all the nodes / tower01 (pull_request) Successful in 47s
Details
Build all the nodes / krz01 (pull_request) Successful in 1m40s
Details
Build all the nodes / vault01 (pull_request) Successful in 1m1s
Details
Build all the nodes / rescue01 (pull_request) Successful in 1m5s
Details
Build all the nodes / web02 (pull_request) Successful in 51s
Details
Build all the nodes / web03 (pull_request) Successful in 50s
Details
Build all the nodes / web01 (pull_request) Successful in 1m6s
Details
Build all the nodes / storage01 (pull_request) Successful in 1m34s
Details
d6fdd44277
lbailly force-pushed declarative-buckets from d6fdd44277 to e4981f43d7 2025-05-19 17:25:13 +02:00 Compare
mdebray added 1 commit 2025-05-21 14:41:59 +02:00
fix: rekey
All checks were successful
Check meta / check_dns (pull_request) Successful in 15s
Details
Check meta / check_meta (pull_request) Successful in 17s
Details
Check workflows / check_workflows (pull_request) Successful in 19s
Details
Build all the nodes / netaccess01 (pull_request) Successful in 25s
Details
Run pre-commit on all files / pre-commit (push) Successful in 28s
Details
Run pre-commit on all files / pre-commit (pull_request) Successful in 32s
Details
Build all the nodes / netcore00 (pull_request) Successful in 24s
Details
Build all the nodes / ap01 (pull_request) Successful in 41s
Details
Build all the nodes / netcore01 (pull_request) Successful in 24s
Details
Build all the nodes / netcore02 (pull_request) Successful in 24s
Details
Build all the nodes / bridge01 (pull_request) Successful in 49s
Details
Build all the nodes / hypervisor03 (pull_request) Successful in 59s
Details
Build all the nodes / cof02 (pull_request) Successful in 1m0s
Details
Build all the nodes / hypervisor02 (pull_request) Successful in 1m9s
Details
Build all the nodes / geo02 (pull_request) Successful in 1m8s
Details
Build all the nodes / hypervisor01 (pull_request) Successful in 1m9s
Details
Build all the nodes / build01 (pull_request) Successful in 1m10s
Details
Build all the nodes / geo01 (pull_request) Successful in 1m9s
Details
Build all the nodes / lab-router01 (pull_request) Successful in 1m9s
Details
Build all the nodes / iso (pull_request) Successful in 1m13s
Details
Build all the nodes / compute01 (pull_request) Successful in 1m19s
Details
Build the shell / build-shell (pull_request) Successful in 23s
Details
Build all the nodes / rescue01 (pull_request) Successful in 58s
Details
Build all the nodes / tower01 (pull_request) Successful in 45s
Details
Build all the nodes / vault01 (pull_request) Successful in 57s
Details
Build all the nodes / web02 (pull_request) Successful in 54s
Details
Build all the nodes / krz01 (pull_request) Successful in 1m44s
Details
Build all the nodes / web03 (pull_request) Successful in 53s
Details
Build all the nodes / web01 (pull_request) Successful in 1m10s
Details
Build all the nodes / storage01 (pull_request) Successful in 2m9s
Details
5227a79f45
lbailly force-pushed declarative-buckets from 5227a79f45 to 7ed4bcb33b 2025-05-21 15:01:19 +02:00 Compare
lbailly force-pushed declarative-buckets from 7ed4bcb33b to b409886725 2025-05-26 15:12:41 +02:00 Compare
dgnum-chores referenced this pull request from a commit 2025-06-12 15:01:17 +02:00
lon: update proxmox-nixos
dgnum-chores referenced this pull request from a commit 2025-06-13 14:57:26 +02:00
lon: update proxmox-nixos
lbailly force-pushed declarative-buckets from b409886725 to e25add76eb 2025-06-13 19:10:10 +02:00 Compare
dgnum-chores referenced this pull request from a commit 2025-06-14 14:59:08 +02:00
lon: update proxmox-nixos
lbailly added 1 commit 2025-06-15 08:06:29 +02:00
feat(nimbolus): make nimbolus bucket
All checks were successful
Check meta / check_dns (pull_request) Successful in 17s
Details
Check workflows / check_workflows (pull_request) Successful in 18s
Details
Run pre-commit on all files / pre-commit (push) Successful in 24s
Details
Build all the nodes / Jaccess01 (pull_request) Successful in 23s
Details
Run pre-commit on all files / pre-commit (pull_request) Successful in 27s
Details
Build all the nodes / Jaccess04 (pull_request) Successful in 21s
Details
Build all the nodes / ap01 (pull_request) Successful in 40s
Details
Build all the nodes / bridge01 (pull_request) Successful in 44s
Details
Build all the nodes / cof02 (pull_request) Successful in 47s
Details
Build all the nodes / build01 (pull_request) Successful in 52s
Details
Build all the nodes / geo01 (pull_request) Successful in 48s
Details
Build all the nodes / compute01 (pull_request) Successful in 1m15s
Details
Build all the nodes / geo02 (pull_request) Successful in 49s
Details
Build all the nodes / hypervisor01 (pull_request) Successful in 44s
Details
Build all the nodes / hypervisor02 (pull_request) Successful in 46s
Details
Build all the nodes / netcore01 (pull_request) Successful in 23s
Details
Build all the nodes / netcore02 (pull_request) Successful in 25s
Details
Build all the nodes / lab-router01 (pull_request) Successful in 49s
Details
Build all the nodes / hypervisor03 (pull_request) Successful in 50s
Details
Build all the nodes / iso (pull_request) Successful in 56s
Details
Build all the nodes / tower01 (pull_request) Successful in 48s
Details
Build all the nodes / vault01 (pull_request) Successful in 59s
Details
Build all the nodes / rescue01 (pull_request) Successful in 1m17s
Details
Build all the nodes / web02 (pull_request) Successful in 59s
Details
Build the shell / build-shell (pull_request) Successful in 35s
Details
Build all the nodes / zulip01 (pull_request) Successful in 56s
Details
Build all the nodes / web03 (pull_request) Successful in 1m2s
Details
Build all the nodes / storage01 (pull_request) Successful in 1m21s
Details
Build all the nodes / web01 (pull_request) Successful in 1m12s
Details
Build all the nodes / krz01 (pull_request) Successful in 1m37s
Details
592bebda2f
dgnum-chores referenced this pull request from a commit 2025-06-15 14:59:12 +02:00
lon: update proxmox-nixos
dgnum-chores referenced this pull request from a commit 2025-06-16 14:58:59 +02:00
lon: update proxmox-nixos
dgnum-chores referenced this pull request from a commit 2025-06-17 14:59:10 +02:00
lon: update proxmox-nixos
dgnum-chores referenced this pull request from a commit 2025-06-18 14:58:20 +02:00
lon: update proxmox-nixos
All checks were successful
Check meta / check_meta (pull_request) Successful in 13s
Required
Details
Check meta / check_dns (pull_request) Successful in 17s
Required
Details
Check workflows / check_workflows (pull_request) Successful in 18s
Required
Details
Run pre-commit on all files / pre-commit (push) Successful in 24s
Required
Details
Build all the nodes / Jaccess01 (pull_request) Successful in 23s
Required
Details
Run pre-commit on all files / pre-commit (pull_request) Successful in 27s
Required
Details
Build all the nodes / Jaccess04 (pull_request) Successful in 21s
Required
Details
Build all the nodes / ap01 (pull_request) Successful in 40s
Required
Details
Build all the nodes / bridge01 (pull_request) Successful in 44s
Required
Details
Build all the nodes / cof02 (pull_request) Successful in 47s
Required
Details
Build all the nodes / build01 (pull_request) Successful in 52s
Required
Details
Build all the nodes / geo01 (pull_request) Successful in 48s
Required
Details
Build all the nodes / compute01 (pull_request) Successful in 1m15s
Required
Details
Build all the nodes / geo02 (pull_request) Successful in 49s
Required
Details
Build all the nodes / hypervisor01 (pull_request) Successful in 44s
Required
Details
Build all the nodes / hypervisor02 (pull_request) Successful in 46s
Required
Details
Build all the nodes / netcore01 (pull_request) Successful in 23s
Required
Details
Build all the nodes / netcore02 (pull_request) Successful in 25s
Required
Details
Build all the nodes / lab-router01 (pull_request) Successful in 49s
Required
Details
Build all the nodes / hypervisor03 (pull_request) Successful in 50s
Required
Details
Build all the nodes / iso (pull_request) Successful in 56s
Required
Details
Build all the nodes / tower01 (pull_request) Successful in 48s
Required
Details
Build all the nodes / vault01 (pull_request) Successful in 59s
Required
Details
Build all the nodes / rescue01 (pull_request) Successful in 1m17s
Required
Details
Build all the nodes / web02 (pull_request) Successful in 59s
Required
Details
Build the shell / build-shell (pull_request) Successful in 35s
Required
Details
Build all the nodes / zulip01 (pull_request) Successful in 56s
Required
Details
Build all the nodes / web03 (pull_request) Successful in 1m2s
Required
Details
Build all the nodes / storage01 (pull_request) Successful in 1m21s
Required
Details
Build all the nodes / web01 (pull_request) Successful in 1m12s
Required
Details
Build all the nodes / krz01 (pull_request) Successful in 1m37s
Required
Details
This pull request is marked as a work in progress.
This branch is out-of-date with the base branch
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin declarative-buckets:declarative-buckets
git checkout declarative-buckets
Sign in to join this conversation.
Reviewers
No reviewers
thubrecht
Labels
Clear labels   
awaiting
awaiting-author
Awaiting for the author interaction (e.g. QA/confirmation/final merge)

  
awaiting
awaiting-reviewer
Awaiting for a privileged reviewer to approve this PR

  
bot

Pull Request opened by a bot

  
deployed

This PR is currently deployed on the infra

  
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No labels
awaiting
awaiting-author
awaiting
awaiting-reviewer
bot
deployed
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
4 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: DGNum/infrastructure#145
No description provided.
Delete branch "declarative-buckets"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?