| Commit message | Author | Age | Files | Lines |
| * | vps.tf: Name VPS volume derived from droplet name | EuAndreh | 2020-08-02 | 1 | -1/+1 |
| * | vps.tf: Add missing host to digitalocean_droplet due to update | EuAndreh | 2020-08-02 | 1 | -0/+1 |
| * | vps.tf: Update to new Terraform syntax | EuAndreh | 2020-08-02 | 1 | -21/+21 |
| * | Comment sections of vps.tf | EuAndreh | 2019-06-11 | 1 | -0/+8 |
| * | Output all generated files on ./generated/, refactor .envrc variables | EuAndreh | 2019-06-10 | 1 | -1/+1 |
| * | Provision DNS entries using DigitalOcean instead of DNS registrar
This way we can implement dynamic (provision-time) Floating IP, instead of a
hardcoded pre-created Floating IP address.
Related changes:
- remove =terraform-godaddy= provider, use =digitalocean_record= instead;
- create =generated-known-hosts= after provisioning instead of during
=setup.sh=: use the =$(terraform output public_floating_ip)= value to make this
file dynamic;
- remove the =$PINNED_IP= and =$TF_VAR_floating_ip= variables;
- add type and descriptions to variable declarations in Terraform recipe.
| EuAndreh | 2019-06-10 | 1 | -28/+50 |
| * | Format vps.tf (terraform linter offense) | EuAndreh | 2019-06-08 | 1 | -3/+3 |
| * | Use terraform-godaddy and Terraform 0.11
The =terraform-godaddy= package supports only Terraform 0.11 as of now.
It is not packaged by default by nixpkgs, and the =postInstall= hook is required
because Terraform looks for providers using the =terraform-provider-$name=
template, which the package doesn't follow.
I had to remove the loop on vps.tf since it requires Terraform 0.12. I'll either
wait for =terraform-godaddy= to upgrade to 0.12 or try to do it myself if it
bothers me enough.
| EuAndreh | 2019-06-08 | 1 | -8/+14 |
| * | Provision DNS entries with Terraform! :tada:
Before all the DNS entries had to be entered manually on the web UI.
| EuAndreh | 2019-06-08 | 1 | -0/+22 |
| * | Format vps.tf (linter offense) | EuAndreh | 2019-06-05 | 1 | -1/+1 |
| * | Add volume to VPS
Don't destroy everything on deploy. This would destroy the volume too.
| EuAndreh | 2019-06-05 | 1 | -0/+13 |
| * | Format vps.tf (linter offense) | EuAndreh | 2019-06-05 | 1 | -1/+1 |
| * | Use Ansible instead of Bash for provisioning
The deployment is not quite working, and I'm unable to test right now:
DigitalOcean is returning 503 for my requests.
As of this commit, I can run =ansible-playbook provider.yml= more than once and
it will actually be idempotent.
Notes:
- SSH fingerprints are now taken from the public key file instead of manually
supplying it in the terraform template using the =digitalocean_ssh_key=
resource;
- use Ansible instead of ad-hoc Bash scripts for provisioning the Droplets
created by Terraform;
- use the =filename.env.extension= to create the concrete files in CI;
- use the =user_data= to add the known SSH key pair to the newly created Droplet;
- add =rotate-ssh-keys.sh= utils;
| EuAndreh | 2019-06-05 | 1 | -5/+11 |
| * | Fix vps.tf formatting (linter offense) | EuAndreh | 2019-05-28 | 1 | -1/+1 |
| * | Use Floating IP on Droplet | EuAndreh | 2019-05-28 | 1 | -0/+6 |
| * | Use correct Droplet size slug
Taken from https://developers.digitalocean.com/documentation/v2/#list-all-sizes
| EuAndreh | 2019-05-28 | 1 | -1/+1 |
| * | Rename ./secrets/id_rsa{.pub} -> ./secrets/vps_box{.pub} | EuAndreh | 2019-05-28 | 1 | -1/+1 |
| * | Fix terraform fmt offense | EuAndreh | 2019-05-26 | 1 | -1/+1 |
| * | Automate provisioning and deployment of VPS
In order to perform that I had to remove Terraform's =.tfstate= files from the
repository. Terraform does support "backends" for storing the state files, but I
settled for storing it on a separate repo (vps-state).
For now it solves the state management problem:
- it has history of states;
- all state files are GPG encrypted;
- there's no coordination however, but only the CI should perform a deploy in
order to avoid race conditions.
I had to add GPG and SSH keys to sr.ht to achieve that:
- SSH public key to my profile to authorize it to push to vps-state repo;
- SSH private key to the secret builds.sr.ht environment to enable push to the
repository from the pipeline;
- GPG public key to git-crypt to make it possible for the pipeline to unlock the
encrypted content;
- GPG private key to the secret builds.sr.ht environment to enable decrypting
git-crypt content from the pipeline.
In order to avoid divergent environment from local and CI, the ./provision.sh
script is run through nix-shell.
| EuAndreh | 2019-05-26 | 1 | -1/+5 |
| * | Increase droplet image to 1024mb | EuAndreh | 2019-05-25 | 1 | -1/+1 |
| * | Remove provisioning from Terraform | EuAndreh | 2019-05-25 | 1 | -4/+0 |
| * | Move provisioning code into provision.sh | EuAndreh | 2019-05-25 | 1 | -8/+1 |
| * | Add lint checks and a pipeline to check using Nix | EuAndreh | 2019-05-25 | 1 | -1/+0 |
| * | Format vps.tf | EuAndreh | 2019-05-25 | 1 | -13/+16 |
| * | Don't use pub_key and pvt_key as input variables
Embed SSH keypair directly into git-crypt.
| EuAndreh | 2019-05-25 | 1 | -5/+6 |
| * | Add simple DigitalOcean droplet skeleton for Terraform | EuAndreh | 2019-05-25 | 1 | -0/+36 |