Commit graph

8 commits

Author SHA1 Message Date
Vincent Ambo
aa122cbae7 style: format entire depot with nixpkgs-fmt
This CL can be used to compare the style of nixpkgs-fmt against other
formatters (nixpkgs, alejandra).

Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: cynthia <cynthia@tvl.fyi>
Reviewed-by: edef <edef@edef.eu>
Reviewed-by: eta <tvl@eta.st>
Reviewed-by: grfn <grfn@gws.fyi>
2022-01-31 16:11:53 +00:00
William Carroll
d24eef0735 fix(wpcarro/terraform): Drop source_tags (prefer source_ranges)
source_tags means:

> the firewall will apply only to traffic with source IP that belongs to a tag
> listed in source tags.

This mechanism exists (presumably) for local networking between instances that I
manage. For ingress traffic, I'd like to open these ports to the wider
internet.

Change-Id: If0963c853f10f3c205581cce100671714a5f6a3a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4750
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-01-08 05:31:54 +00:00
William Carroll
39e59c740d feat(wpcarro/diogenes): Nixify diogenes's Terraform configuration
TL;DR:
- Define googleCloudVM function to provision NixOS VMs on Google Cloud.
- Consume googleCloudVM in diogenes/default.nix
- Define README.md for basic usage instructions (subject to change).
- Delete diogenes's HCL
- Remove `diogenesSystem` from meta.targets

I'm still having trouble with DNS:
- I need to transfer the Google Domains config to Cloud DNS
- `host billandhiscomputer.com` is NXDOMAIN, so I don't trust my tf DNS config
- This is preventing me from getting SSL certs, which blocks my website, quassel

Change-Id: If315876c96298e83a5953f13b62784d2f65a1024
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4747
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-01-08 05:31:50 +00:00
William Carroll
d3c20a44d3 feat(wpcarro/terraform): Attach 100GB external disk to VM
I'm mimmicking the setup of diogenes-1 until I switch everything over to the
terraform-defined diogenes.

Change-Id: Ic9b54909696616b5f206bbf982ff556f053c424e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4738
Tested-by: BuildkiteCI
Reviewed-by: zseri <zseri.devel@ytrizja.de>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2021-12-29 18:51:58 +00:00
William Carroll
b810956802 feat(wpcarro/terraform): Support SSH
Supporting SSH turned-out to be a bit of a saga... Thank you @espes and @grfn
for the pointers.

Problem: When I originally setup my Google VM, I followed this tutorial,
https://nixos.wiki/wiki/Install_NixOS_on_GCE, so I ended-up installing
`nixos-20-03`: an older version of NixOS, (the newest version in `gsutils ls -l
gs://nixos-images`). Critically, I missed this important footnote:

> NOTE: Newer images (from 20.09 on) won't be available at the bucket above, and
> will instead need to be found at
> <nixpkgs/nixos/modules/virtualisation/gce-images.nix>.

It turns out that *newer* images include this script...
https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/fetch-instance-ssh-keys.bash
...which reads the key, "sshKeys", from the Google metadata server and copies
the value into /root/.ssh/authorized_keys.

To make matters a bit misleading, the NixOS script expects the key to be
"sshKeys", but Google deprecated that in favor of "ssh-keys" (hence why both
versions appear in this commit).

TL;DR:
- upgrading to a newer NixOS image
- adding an empty access_config block so Google will assign my VM an external IP
- removing oslogin (not necessary to do, and I may add it back later)
- adding my public SSH key as metadata

Change-Id: If624fe77afd47b31fa7be0a1dd4a55512317eef0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4737
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2021-12-29 18:49:57 +00:00
Vincent Ambo
350c5eae46 style(wpcarro/terraform): Apply terraform fmt to files
This is going to be enforced in CI very shortly (it already kind of
was, but not really).

Change-Id: I8569d030e31230f077371bd1644b75f048271a0e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4728
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: wpcarro <wpcarro@gmail.com>
2021-12-28 12:57:53 +00:00
William Carroll
413c421e8b feat(wpcarro/terraform): Configure firewall
When I include "80" and "443" in the allowed TCP ports, the ports don't appear
to be open, but when I add the tags "http-server" and "https-server", which I
don't control, they do. I'm not sure what's going on, but I don't want to let
perfect be the enemy of good...

Change-Id: I46097a9d80708d14261b0af34c16ab1129aa8107
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4725
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
2021-12-28 02:31:51 +00:00
William Carroll
3a85d8cede feat(wpcarro/terraform): Encode diogenes as terraform configuration
Some reference commands for my future self (blog post forthcoming?):

```shell
$ nix-shell -p google-cloud-sdk terraform
$ gcloud auth application-default login # stateful
$ terraform init
$ terraform apply
```

What's left for feature parity?
- Encode 100GB external disk as resource
- Encode firewall as resource
- Ensure marcus can SSH to instance

Stretch goals:
- Spin-up fully NixOS-configured instances

Change-Id: If156a5b0a2a0f8bfdf2548a4b5f592a77409fcb5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4724
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
2021-12-28 02:03:48 +00:00