about summary refs log tree commit diff
path: root/infra
AgeCommit message (Collapse)AuthorFilesLines
2019-12-14 r/135 chore(infra/nixos): Remove deprecated local packagesVincent Ambo2-48/+0
2019-12-14 r/134 chore(infra/nixos): Mark folder as "not to be evaluated"Vincent Ambo1-0/+6
2019-12-14 r/132 merge(nixos): Merge (unrelated) NixOS config history into infra/Vincent Ambo19-0/+1315
2019-12-14 chore(nixos): Move NixOS config to infra/nixosVincent Ambo19-0/+1315
2019-11-15 fix(k8s): Adjust blog image name to match new repo layoutVincent Ambo1-1/+1
2019-10-26 r/92 chore(k8s): Bump deployed Nixery versionVincent Ambo1-1/+1
2019-10-25 chore: Bump Nixery version & package set configurationVincent Ambo2-0/+3
2019-09-21 r/86 chore(k8s): Bump deployed Nixery versionVincent Ambo1-1/+1
2019-09-21 r/83 refactor(k8s): Parameterise the nginx versionVincent Ambo2-1/+3
2019-09-04 r/82 fix(k8s): Reinsert passLookup newline after kontemplate trims itVincent Ambo2-1/+2
SSH can not read the key without the trailing newline. Ideally kontemplate would expose a toggle for this.
2019-09-04 fix(k8s): Move nixery-secrets to the correct namespaceVincent Ambo1-6/+5
2019-09-03 feat(k8s): Insert Nixery's secrets via kontemplateVincent Ambo5-4/+25
Instead of having a manually prepared secret, use Cloud KMS (as per the previous commits) to decrypt the in-repo secrets and template them into the Secret resource in Kubernetes. Not all of the values are actually secret, it has thus become a bit easier to edit the known hosts, SSH config and such now.
2019-09-03 feat(gcp): Create Cloud KMS resources for encrypting secretsVincent Ambo1-8/+28
The idea here is to use Cloud KMS and a shell script that mimics 'pass' to trick kontemplate into using Cloud KMS to decrypt secrets.
2019-09-03 chore(gcp): Remove monorepo repositoryVincent Ambo1-5/+0
The repository is now public on Github.
2019-09-03 r/78 chore(k8s): Update deployed Nixery versionVincent Ambo1-1/+1
2019-09-02 r/75 fix(k8s): Add nginx route for load-balancer health checksVincent Ambo3-3/+11
2019-09-02 fix(k8s): nginx does not need to be pinned to gitHEADVincent Ambo1-1/+1
2019-09-02 chore(k8s): Point Nixery at public depot URLVincent Ambo1-2/+1
2019-09-02 feat(k8s): Route oslo.pub to nginx in ingressVincent Ambo1-1/+9
2019-09-02 feat(k8s): Add nginx instance for oslo.pub redirectVincent Ambo3-0/+92
The redirect is currently all that this instance does. It is required because HTTP load balancers in GCP don't support URL rewriting.
2019-09-02 chore(k8s): Provision certificate for oslo.pubVincent Ambo1-0/+5
2019-09-02 chore(infra): Remove NixOS configuration for serversVincent Ambo8-3791/+0
This configuration is no longer in use. The Gemma configuration file has been moved over to the k8s folder from where it will be templated into the actual configuration.
2019-08-27 r/67 feat(k8s): Configure HTTPS ingress for the blogVincent Ambo3-0/+29
Uses Google-managed certificates and an Ingress resource to set up an HTTPS load-balancer. This probably won't be the final version as the GKE Ingress is very limited and can not do things like redirect URLs, which I need to decommission the old setup.
2019-08-27 r/66 feat(k8s): Add Google managed TLS certificatesVincent Ambo2-0/+19
Introduces certificates for tazj.in & www.tazj.in.
2019-08-25 r/58 chore(gcp): Enable Cloud DNS serviceVincent Ambo1-0/+1
2019-08-23 r/56 chore(k8s): More tazblog replicasVincent Ambo1-1/+1
2019-08-19 r/40 feat(infra/k8s): Add in-cluster tazblog deployment via NixeryVincent Ambo2-0/+22
First deployment actually using a Nixery image and `gitHEAD`. This does not actually serve a working blog for various reasons. The current storage mechanism (acid-state) isn't really appropriate anymore and I'll need to change that soon.
2019-08-19 r/39 chore(infra/k8s): Bump Nixery image to Cachix-enabled oneVincent Ambo2-2/+2
2019-08-16 r/37 fix(infra/k8s): Always pull a Nixery imageVincent Ambo1-0/+1
2019-08-16 r/36 feat(infra/k8s): Deploy Nixery instance to clusterVincent Ambo2-0/+80
2019-08-16 r/35 feat(infra/gcp): Add Terraform configuration for GKE & friendsVincent Ambo2-0/+90
Sets up Terraform itself, a GKE cluster, a storage bucket and all the other little things required to get the basics running.
2019-07-02 refactor(infra): Move infrastructure into monorepo structureVincent Ambo12-0/+3872