Commit graph

11 commits

Author SHA1 Message Date
Vincent Ambo
eae70200ce feat(corp/ops): configure data storage bucket
Note that there doesn't seem to be a TF resource type for the IAM
binding between the bucket and the service account itself (other than
applying to all buckets in the folder, which I don't want).

For this reason I've added the `storage.uploader` IAM binding to the
`rih-backend` service account *on the bucket* manually.

Change-Id: I9fb06c7857e61dc642d9ea0d89159a0e343dc984
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8728
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-06-09 12:21:59 +00:00
Vincent Ambo
fb7db9b692 feat(corp/ops): configure hosting setup for backend domain
Change-Id: Ia0298e3be2e16ac5dbc2b8aec1e840aa3af947e9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8719
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-06-09 12:21:59 +00:00
Vincent Ambo
1e70cd1c4f feat(corp/ops): initial resources for running rih container
Change-Id: Ie7276396bbfcff64d91ca8cc655cad6927fd6599
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8718
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-09 12:21:59 +00:00
Vincent Ambo
70b87c1797 feat(corp/ops): configure bucket hosting configuration
This doesn't have redirects for weird routes yet, but I think that's
doable somehow.

Change-Id: Iaaac711304f9b2bd8ea04302940e9e9259cd67c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8663
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
2023-05-31 11:43:17 +00:00
Vincent Ambo
9c7da22e5b feat(corp/ops): initial hosting bucket & TLS configuration
Doesn't actually have bucket serving or access configuration yet, one
step at a time!

Change-Id: I0ce9b3b077252395bd807fad44cbdca40cdeac49
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8649
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-05-27 11:40:41 +00:00
Vincent Ambo
e779b866cc chore(corp/ops): yc-cli: 0.104 -> 0.106
Change-Id: If783a7a4315ecab70f20347a66fb72f682dbd97c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8609
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-05-23 10:17:24 +00:00
Vincent Ambo
6daf91c9cd feat(corp/ops): add NixOS profile for Yandex Cloud machines
Sets up a virtual machine image that is bootable on Yandex Cloud.

There are some slightly wonky behaviours still, like cloud-init
apparently putting all keys into root's authorized_keys no matter what
is specified in the metadata, but it does work now.

Change-Id: I57dcb7fcfa6872a28855dc1347f73a6db3c56828
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8496
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-04-24 10:56:40 +00:00
Vincent Ambo
c7392b3c6b chore(corp/ops): move terraform config into subfolder
Change-Id: Iad5ad8d9a48c300faf2e4be7003879656817b518
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8495
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-04-24 10:56:40 +00:00
Vincent Ambo
111e1d38e5 feat(corp/ops): configure state bucket for terraform
This was a bit trickier than I anticipated, because there are no good
ways to avoid passing the credentials around manually.

What's basically happening now is that the credentials for the state
bucket are checked in (encrypted), and sourcing `creds.fish` uses the
cloud HSM to decrypt and load them into the environment.

Change-Id: I3f5ce1c9bd9d5efbf1013414f94771a09ea3a488
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8494
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-04-24 10:56:40 +00:00
Vincent Ambo
0637ab3add feat(corp/ops): add yc-cli
Change-Id: If6578693a5d5ef49d059735eeade3bebf13c4d16
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8493
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-04-24 10:56:40 +00:00
Vincent Ambo
55c9f4a803 feat(corp/ops): bootstrap separate corp terraform config
Doesn't actually contain any configuration yet, just setting up TF
with the right providers and so on.

Change-Id: Ia7128dd977b4ff69eebaa36c6cad6ac104cafcdb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8492
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-04-24 10:56:40 +00:00