about summary refs log tree commit diff
path: root/users/wpcarro/terraform/gcp.tf
AgeCommit message (Collapse)AuthorFilesLines
2022-01-08 r/3531 feat(wpcarro/diogenes): Nixify diogenes's Terraform configurationWilliam Carroll1-79/+0
TL;DR: - Define googleCloudVM function to provision NixOS VMs on Google Cloud. - Consume googleCloudVM in diogenes/default.nix - Define README.md for basic usage instructions (subject to change). - Delete diogenes's HCL - Remove `diogenesSystem` from meta.targets I'm still having trouble with DNS: - I need to transfer the Google Domains config to Cloud DNS - `host billandhiscomputer.com` is NXDOMAIN, so I don't trust my tf DNS config - This is preventing me from getting SSL certs, which blocks my website, quassel Change-Id: If315876c96298e83a5953f13b62784d2f65a1024 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4747 Tested-by: BuildkiteCI Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com>
2021-12-29 r/3499 feat(wpcarro/terraform): Attach 100GB external disk to VMWilliam Carroll1-0/+11
I'm mimmicking the setup of diogenes-1 until I switch everything over to the terraform-defined diogenes. Change-Id: Ic9b54909696616b5f206bbf982ff556f053c424e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4738 Tested-by: BuildkiteCI Reviewed-by: zseri <zseri.devel@ytrizja.de> Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com>
2021-12-29 r/3498 feat(wpcarro/terraform): Support SSHWilliam Carroll1-5/+8
Supporting SSH turned-out to be a bit of a saga... Thank you @espes and @grfn for the pointers. Problem: When I originally setup my Google VM, I followed this tutorial, https://nixos.wiki/wiki/Install_NixOS_on_GCE, so I ended-up installing `nixos-20-03`: an older version of NixOS, (the newest version in `gsutils ls -l gs://nixos-images`). Critically, I missed this important footnote: > NOTE: Newer images (from 20.09 on) won't be available at the bucket above, and > will instead need to be found at > <nixpkgs/nixos/modules/virtualisation/gce-images.nix>. It turns out that *newer* images include this script... https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/fetch-instance-ssh-keys.bash ...which reads the key, "sshKeys", from the Google metadata server and copies the value into /root/.ssh/authorized_keys. To make matters a bit misleading, the NixOS script expects the key to be "sshKeys", but Google deprecated that in favor of "ssh-keys" (hence why both versions appear in this commit). TL;DR: - upgrading to a newer NixOS image - adding an empty access_config block so Google will assign my VM an external IP - removing oslogin (not necessary to do, and I may add it back later) - adding my public SSH key as metadata Change-Id: If624fe77afd47b31fa7be0a1dd4a55512317eef0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4737 Tested-by: BuildkiteCI Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com>
2021-12-28 r/3489 style(wpcarro/terraform): Apply terraform fmt to filesVincent Ambo1-9/+9
This is going to be enforced in CI very shortly (it already kind of was, but not really). Change-Id: I8569d030e31230f077371bd1644b75f048271a0e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4728 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: wpcarro <wpcarro@gmail.com>
2021-12-28 r/3486 feat(wpcarro/terraform): Configure firewallWilliam Carroll1-2/+20
When I include "80" and "443" in the allowed TCP ports, the ports don't appear to be open, but when I add the tags "http-server" and "https-server", which I don't control, they do. I'm not sure what's going on, but I don't want to let perfect be the enemy of good... Change-Id: I46097a9d80708d14261b0af34c16ab1129aa8107 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4725 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
2021-12-28 r/3485 feat(wpcarro/terraform): Encode diogenes as terraform configurationWilliam Carroll1-0/+47
Some reference commands for my future self (blog post forthcoming?): ```shell $ nix-shell -p google-cloud-sdk terraform $ gcloud auth application-default login # stateful $ terraform init $ terraform apply ``` What's left for feature parity? - Encode 100GB external disk as resource - Encode firewall as resource - Ensure marcus can SSH to instance Stretch goals: - Spin-up fully NixOS-configured instances Change-Id: If156a5b0a2a0f8bfdf2548a4b5f592a77409fcb5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4724 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI