| Commit message (Collapse) | Author | Age | Files | Lines |
| |
This way we can implement dynamic (provision-time) Floating IP, instead of a
hardcoded pre-created Floating IP address.
Related changes:
- remove =terraform-godaddy= provider, use =digitalocean_record= instead;
- create =generated-known-hosts= after provisioning instead of during
=setup.sh=: use the =$(terraform output public_floating_ip)= value to make this
file dynamic;
- remove the =$PINNED_IP= and =$TF_VAR_floating_ip= variables;
- add type and descriptions to variable declarations in Terraform recipe.
|
This reverts commit 4d04172f9027203e3656f74bd8cecdc0d9c45e69.
|
This reverts commit 5ad5984f47860bdf3a85abeddef18d17c2095e69.
|
The =terraform-godaddy= package supports only Terraform 0.11 as of now.
It is not packaged by default by nixpkgs, and the =postInstall= hook is required
because Terraform looks for providers using the =terraform-provider-$name=
template, which the package doesn't follow.
I had to remove the loop on vps.tf since it requires Terraform 0.12. I'll either
wait for =terraform-godaddy= to upgrade to 0.12 or try to do it myself if it
bothers me enough.
|
Required to run =ansible-playbook= in the CI pipeline.
|
It wasn't trivial to configure: Ansible tried to work on /homeless-shelter :facepalm:
|
This way we make sure the =shell= derivation always builds, instead of seeing
these kinds of failure during CI runs when it's trying to deploy.
|
This derivation sources =.envrc= and its output can potentially leak secret
environment variables from it.
|
Add gitMinimal package to baseTasks to allow any derivation to =source .envrc=
freely.
dockerComposeLint sources it to properly lint the file that will be run.
|
Instead of adding them to the =packages= section of .build.yml.
|
In order to perform that I had to remove Terraform's =.tfstate= files from the
repository. Terraform does support "backends" for storing the state files, but I
settled for storing it on a separate repo (vps-state).
For now it solves the state management problem:
- it has history of states;
- all state files are GPG encrypted;
- there's no coordination however, but only the CI should perform a deploy in
order to avoid race conditions.
I had to add GPG and SSH keys to sr.ht to achieve that:
- SSH public key to my profile to authorize it to push to vps-state repo;
- SSH private key to the secret builds.sr.ht environment to enable push to the
repository from the pipeline;
- GPG public key to git-crypt to make it possible for the pipeline to unlock the
encrypted content;
- GPG private key to the secret builds.sr.ht environment to enable decrypting
git-crypt content from the pipeline.
In order to avoid divergent environment from local and CI, the ./provision.sh
script is run through nix-shell.
|