diff --git a/infra/README.md b/infra/README.md index fef93f67..c89b488d 100644 --- a/infra/README.md +++ b/infra/README.md 
@@ -2,7 +2,64 @@ This directory contains the definition of the VMs that host our infrastructure. -## NixOps4 +## Provisioning VMs with an initial configuration + +NOTE[Niols]: This is very manual and clunky. Two things will happen. In the near +future, I will improve the provisioning script to make this a bit less clunky. +In the far future, NixOps4 will be able to communicate with Proxmox directly and +everything will become much cleaner. + +1. Choose an id and name for your VMs. It is recommended to choose the first + free id above 100. As for the name, it is recommended to choose `fedi`. + For instance, `fedi117` with id `117`. + +2. Add a basic configuration for the machine. These typically go in + `infra//default.nix`. You can look at other `fedi` VMs to find + inspiration. You probably do not need a `nixos.module` option at this point. + +3. Add the machine to a deployment. This takes place in `infra/flake-parts.nix`. + Please remember to also update the table at the end of this file. + + FIXME: Generate the table automatically (https://git.fediversity.eu/Fediversity/Fediversity/issues/89) + +2. Add a file for each of those VM's public keys, eg. + ``` + touch keys/systems/fedi117.pub + ``` + Those files need to exist during provisioning, but their content matters only + when updating the machines' configuration. + + FIXME: Remove this step by making the provisioning script not fail with the + public key does not exist yet. + +3. Run the provisioning script: + ``` + sh infra/proxmox-provision.sh 117 + ``` + The script can take several ids at the same time. It requires some + authentication options and provides several more. See `--help`. + +4. (Optional) Add a DNS entry for the machine; for instance `fedi117.abundos.eu + A 95.215.187.117`. + +5. Grab the public host keys for the machines in question, and add it to the + repository. 
For instance: + ``` + ssh fedi117.abundos.eu 'sudo cat /etc/ssh/ssh_host_ed25519_key.pub' > keys/systems/fedi117.pub + ``` + + FIXME: Make the provisioning script do that for us. + +7. Commit the machine's configuration, public key, etc. + +8. At this point, the machine contains a very basic configuration that contains + just enough for it to boot and be reachable. Go on to the next section to + update the machine and put an actual configuration. + + FIXME: Figure out why the full configuration isn't on the machine at this + point and fix it. + +## Updating existing VM configurations Their configuration can be updated via NixOps4. Run
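Review bot: in step 5, `ssh fedi117.abundos.eu 'sudo cat /etc/ssh/ssh_host_ed25519_key.pub' > keys/systems/fedi117.pub` records the host key over a first-contact SSH session to a freshly provisioned VM, so the key that gets committed is only as trustworthy as that unverified connection. Since the earlier key step says the file's content matters when updating the machines' configuration, suggest adding a verification step: compare the fingerprint SSH shows on first connect with one read from the VM's console, or have the provisioning script output the key (which the FIXME under step 5 already points toward). Separately, the step numbering restarts after the first step 3 and skips 6 (1, 2, 3, 2, 3, 4, 5, 7, 8), which makes references like "step 5" ambiguous; renumber 1 through 9. `infra//default.nix` and "choose `fedi`" both read as if a placeholder for the machine name or id was lost, and the FIXME "not fail with the public key does not exist yet" seems to want "when" instead of "with".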