forked from Fediversity/Fediversity
84 lines
2.4 KiB
Markdown
84 lines
2.4 KiB
Markdown
# Infra
|
|
|
|
This directory contains the definition of [the VMs](machines.md) that host our
|
|
infrastructure.
|
|
|
|
## Provisioning VMs with an initial configuration
|
|
|
|
NOTE[Niols]: This is very manual and clunky.
|
|
|
|
1. Choose names for your VMs. It is recommended to choose `fediXXX`, with `XXX`
|
|
above 100. For instance, `fedi117`.
|
|
|
|
2. Add a basic configuration for the machine. These typically go in
|
|
`infra/machines/<name>/default.nix`. You can look at other `fediXXX` VMs to
|
|
find inspiration. You probably do not need a `nixos.module` option at this
|
|
point.
|
|
|
|
2. Add a file for each of those VM's public keys, eg.
|
|
```
|
|
touch keys/systems/fedi117.pub
|
|
```
|
|
Those files need to exist during provisioning, but their content matters only
|
|
when updating the machines' configuration.
|
|
|
|
FIXME: Remove this step by making the provisioning script not fail with the
|
|
public key does not exist yet.
|
|
|
|
3. Run the provisioning script:
|
|
```
|
|
sh infra/proxmox-provision.sh fedi117
|
|
```
|
|
The script can take several ids at the same time. It requires some
|
|
authentication options and provides several more. See `--help`.
|
|
|
|
4. (Optional) Add a DNS entry for the machine; for instance `fedi117.abundos.eu
|
|
A 95.215.187.117`.
|
|
|
|
5. Grab the public host keys for the machines in question, and add it to the
|
|
repository. For instance:
|
|
```
|
|
ssh fedi117.abundos.eu 'sudo cat /etc/ssh/ssh_host_ed25519_key.pub' > keys/systems/fedi117.pub
|
|
```
|
|
|
|
FIXME: Make the provisioning script do that for us.
|
|
|
|
7. Regenerate the list of machines:
|
|
```
|
|
sh infra/machines.md.sh
|
|
```
|
|
Commit it with the machine's configuration, public key, etc.
|
|
|
|
8. At this point, the machine contains a very basic configuration that contains
|
|
just enough for it to boot and be reachable. Go on to the next section to
|
|
update the machine and put an actual configuration.
|
|
|
|
FIXME: Figure out why the full configuration isn't on the machine at this
|
|
point and fix it.
|
|
|
|
## Updating existing VM configurations
|
|
|
|
Their configuration can be updated:
|
|
|
|
```sh
|
|
tofu apply
|
|
```
|
|
|
|
## Removing an existing VM
|
|
|
|
See `infra/proxmox-remove.sh --help`.
|
|
|
|
# TODO
|
|
|
|
- does it know the key?
|
|
- can it access the key?
|
|
- place in credentials, maybe like nixops
|
|
- secrets
|
|
- test deployed application
|
|
- ssh keys
|
|
- other infra (incl import)
|
|
- TF for users
|
|
- deploy deployment (#76)
|
|
- handle infra state (#169)
|
|
- handle user state (#169)
|
|
- provision VMs (#116)
|