Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2019-12-14 | r/135 chore(infra/nixos): Remove deprecated local packages | Vincent Ambo | 2 | -48/+0 | |
2019-12-14 | r/134 chore(infra/nixos): Mark folder as "not to be evaluated" | Vincent Ambo | 1 | -0/+6 | |
2019-12-14 | r/132 merge(nixos): Merge (unrelated) NixOS config history into infra/ | Vincent Ambo | 19 | -0/+1315 | |
2019-12-14 | chore(nixos): Move NixOS config to infra/nixos | Vincent Ambo | 19 | -0/+1315 | |
2019-11-15 | fix(k8s): Adjust blog image name to match new repo layout | Vincent Ambo | 1 | -1/+1 | |
2019-10-26 | r/92 chore(k8s): Bump deployed Nixery version | Vincent Ambo | 1 | -1/+1 | |
2019-10-25 | chore: Bump Nixery version & package set configuration | Vincent Ambo | 2 | -0/+3 | |
2019-09-21 | r/86 chore(k8s): Bump deployed Nixery version | Vincent Ambo | 1 | -1/+1 | |
2019-09-21 | r/83 refactor(k8s): Parameterise the nginx version | Vincent Ambo | 2 | -1/+3 | |
2019-09-04 | r/82 fix(k8s): Reinsert passLookup newline after kontemplate trims it | Vincent Ambo | 2 | -1/+2 | |
SSH can not read the key without the trailing newline. Ideally kontemplate would expose a toggle for this. | |||||
2019-09-04 | fix(k8s): Move nixery-secrets to the correct namespace | Vincent Ambo | 1 | -6/+5 | |
2019-09-03 | feat(k8s): Insert Nixery's secrets via kontemplate | Vincent Ambo | 5 | -4/+25 | |
Instead of having a manually prepared secret, use Cloud KMS (as per the previous commits) to decrypt the in-repo secrets and template them into the Secret resource in Kubernetes. Not all of the values are actually secret, it has thus become a bit easier to edit the known hosts, SSH config and such now. | |||||
2019-09-03 | feat(gcp): Create Cloud KMS resources for encrypting secrets | Vincent Ambo | 1 | -8/+28 | |
The idea here is to use Cloud KMS and a shell script that mimics 'pass' to trick kontemplate into using Cloud KMS to decrypt secrets. | |||||
2019-09-03 | chore(gcp): Remove monorepo repository | Vincent Ambo | 1 | -5/+0 | |
The repository is now public on Github. | |||||
2019-09-03 | r/78 chore(k8s): Update deployed Nixery version | Vincent Ambo | 1 | -1/+1 | |
2019-09-02 | r/75 fix(k8s): Add nginx route for load-balancer health checks | Vincent Ambo | 3 | -3/+11 | |
2019-09-02 | fix(k8s): nginx does not need to be pinned to gitHEAD | Vincent Ambo | 1 | -1/+1 | |
2019-09-02 | chore(k8s): Point Nixery at public depot URL | Vincent Ambo | 1 | -2/+1 | |
2019-09-02 | feat(k8s): Route oslo.pub to nginx in ingress | Vincent Ambo | 1 | -1/+9 | |
2019-09-02 | feat(k8s): Add nginx instance for oslo.pub redirect | Vincent Ambo | 3 | -0/+92 | |
The redirect is currently all that this instance does. It is required because HTTP load balancers in GCP don't support URL rewriting. | |||||
2019-09-02 | chore(k8s): Provision certificate for oslo.pub | Vincent Ambo | 1 | -0/+5 | |
2019-09-02 | chore(infra): Remove NixOS configuration for servers | Vincent Ambo | 8 | -3791/+0 | |
This configuration is no longer in use. The Gemma configuration file has been moved over to the k8s folder from where it will be templated into the actual configuration. | |||||
2019-08-27 | r/67 feat(k8s): Configure HTTPS ingress for the blog | Vincent Ambo | 3 | -0/+29 | |
Uses Google-managed certificates and an Ingress resource to set up an HTTPS load-balancer. This probably won't be the final version as the GKE Ingress is very limited and can not do things like redirect URLs, which I need to decommission the old setup. | |||||
2019-08-27 | r/66 feat(k8s): Add Google managed TLS certificates | Vincent Ambo | 2 | -0/+19 | |
Introduces certificates for tazj.in & www.tazj.in. | |||||
2019-08-25 | r/58 chore(gcp): Enable Cloud DNS service | Vincent Ambo | 1 | -0/+1 | |
2019-08-23 | r/56 chore(k8s): More tazblog replicas | Vincent Ambo | 1 | -1/+1 | |
2019-08-19 | r/40 feat(infra/k8s): Add in-cluster tazblog deployment via Nixery | Vincent Ambo | 2 | -0/+22 | |
First deployment actually using a Nixery image and `gitHEAD`. This does not actually serve a working blog for various reasons. The current storage mechanism (acid-state) isn't really appropriate anymore and I'll need to change that soon. | |||||
2019-08-19 | r/39 chore(infra/k8s): Bump Nixery image to Cachix-enabled one | Vincent Ambo | 2 | -2/+2 | |
2019-08-16 | r/37 fix(infra/k8s): Always pull a Nixery image | Vincent Ambo | 1 | -0/+1 | |
2019-08-16 | r/36 feat(infra/k8s): Deploy Nixery instance to cluster | Vincent Ambo | 2 | -0/+80 | |
2019-08-16 | r/35 feat(infra/gcp): Add Terraform configuration for GKE & friends | Vincent Ambo | 2 | -0/+90 | |
Sets up Terraform itself, a GKE cluster, a storage bucket and all the other little things required to get the basics running. | |||||
2019-07-02 | refactor(infra): Move infrastructure into monorepo structure | Vincent Ambo | 12 | -0/+3872 | |