WIP
steveej committed Apr 19, 2024
1 parent ba235c4 commit ab1247b
Showing 3 changed files with 55 additions and 23 deletions.
2 changes: 1 addition & 1 deletion tf/terraform.tfstate
@@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.6.1",
"serial": 187,
"serial": 296,
"lineage": "e6a55684-85ee-b3d6-b507-dece9af50fa7",
"outputs": {},
"resources": [],
48 changes: 30 additions & 18 deletions tf/terraform.tfstate.backup
@@ -1,11 +1,23 @@
{
"version": 4,
"terraform_version": "1.6.1",
"serial": 181,
"serial": 290,
"lineage": "e6a55684-85ee-b3d6-b507-dece9af50fa7",
"outputs": {
"vm0_console_url": {
"value": "10.1.3.1:20002",
"type": "string"
},
"vm0_mycelium_ip": {
"value": "489:6890:4bb0:c3e3:ff0f:b200:ba0b:3a42",
"type": "string"
},
"vm0_wg_config": {
"value": "\n[Interface]\nAddress = 100.64.1.2\nPrivateKey = YFA6bOgdrApht924u7obf40aNRjQdageQCofS1XUTEc=\n[Peer]\nPublicKey = bJMOPvhsNJZcuBg18Luvo0sreXYhYF2uHUlb+DxwmzU=\nAllowedIPs = 10.1.0.0/16, 100.64.0.0/16\nPersistentKeepalive = 25\nEndpoint = 185.206.122.32:15688\n\t",
"value": "\n[Interface]\nAddress = 100.64.1.2\nPrivateKey = KPRSWDu+R2wWiDvYzd0wstD8zYDXIe/ApPNV6xE5xWc=\n[Peer]\nPublicKey = f6gk+ASim/8Fg/4ckJrzBKF1JM5KIH6deimWRJEz1F4=\nAllowedIPs = 10.1.0.0/16, 100.64.0.0/16\nPersistentKeepalive = 25\nEndpoint = 185.206.122.32:28788\n\t",
"type": "string"
},
"vm0_zmachine1_ip": {
"value": "10.1.3.2",
"type": "string"
}
},
@@ -38,11 +50,10 @@
"provider": "provider[\"registry.opentofu.org/threefoldtech/grid\"]",
"instances": [
{
"status": "tainted",
"schema_version": 0,
"attributes": {
"disks": [],
"id": "105873",
"id": "107251",
"ip_range": null,
"name": "vm",
"network_name": "steveej_vm0",
@@ -55,22 +66,23 @@
{
"computedip": "",
"computedip6": "",
"console_url": "10.1.3.1:20003",
"console_url": "10.1.3.1:20002",
"corex": false,
"cpu": 8,
"description": "",
"entrypoint": "/init",
"env_vars": {
"DEPLOYMENT": "tofu",
"SSH_KEY": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAIODJoJ7Chi8jPTGmKQ5MlB7+TgNGznreeRW/K34v1ey23/FlnIxP9XyyLkzojKALTfAQYgqzrQV3HDSRwhd1rXB7YLq1/CiVWRJvDMTkJiOCV515eiUJGXu1G8e12d/USPNBMEzMJGvqBCIGYen5OxXkyIHIREfePNi5k337G5z9fiuiggxJl9ty6qZ4XIRgFQj9jAoShixP/+99I7XrGWeFQ1BmLZWzi20SQGKvogYnOszDZFqBAHGFnCFYHaTz2jOXXCtQsa27gr8D2iLRFaxvhB7XMK+VbpDcZGjmfRJ701XxFv15GFnFAV71hTaYqj/Ebpw9Vs02+gUp3+tt cardno:17_673_080"
},
"flist": "https://sj-bm-hostkey0.dev.infra.holochain.org/s3/tfgrid-eval/tfgrid-base.20240408.190655.fl",
"flist_checksum": "",
"gpus": null,
"ip": "10.1.3.3",
"ip": "10.1.3.2",
"memory": 4096,
"mounts": [],
"mycelium_ip": "538:11:eb34:12ea:ff0f:9a1d:33e:3d3",
"mycelium_ip_seed": "9a1d033e03d3",
"mycelium_ip": "489:6890:4bb0:c3e3:ff0f:b200:ba0b:3a42",
"mycelium_ip_seed": "b200ba0b3a42",
"name": "steveej_vm0",
"planetary": false,
"planetary_ip": "",
@@ -120,20 +132,20 @@
{
"schema_version": 0,
"attributes": {
"access_wg_config": "\n[Interface]\nAddress = 100.64.1.2\nPrivateKey = YFA6bOgdrApht924u7obf40aNRjQdageQCofS1XUTEc=\n[Peer]\nPublicKey = bJMOPvhsNJZcuBg18Luvo0sreXYhYF2uHUlb+DxwmzU=\nAllowedIPs = 10.1.0.0/16, 100.64.0.0/16\nPersistentKeepalive = 25\nEndpoint = 185.206.122.32:15688\n\t",
"access_wg_config": "\n[Interface]\nAddress = 100.64.1.2\nPrivateKey = KPRSWDu+R2wWiDvYzd0wstD8zYDXIe/ApPNV6xE5xWc=\n[Peer]\nPublicKey = f6gk+ASim/8Fg/4ckJrzBKF1JM5KIH6deimWRJEz1F4=\nAllowedIPs = 10.1.0.0/16, 100.64.0.0/16\nPersistentKeepalive = 25\nEndpoint = 185.206.122.32:28788\n\t",
"add_wg_access": true,
"description": "newer network",
"external_ip": "10.1.2.0/24",
"external_sk": "YFA6bOgdrApht924u7obf40aNRjQdageQCofS1XUTEc=",
"id": "399b777e-84dd-451e-81b2-2aacd869515c",
"external_sk": "KPRSWDu+R2wWiDvYzd0wstD8zYDXIe/ApPNV6xE5xWc=",
"id": "777f9639-3640-44c5-9a9c-86fc100f48b9",
"ip_range": "10.1.0.0/16",
"mycelium_keys": {
"195": "a036470f8431a0d432d06bf0a06143bb7721981021c542cb26b5028425b22064"
"195": "c82b5f075bfe4b3836654e2ce1703daa486700b678adcb8689fe705419bd1b3b"
},
"name": "steveej_vm0",
"node_deployment_id": {
"11": 105870,
"195": 105871
"11": 107249,
"195": 107250
},
"nodes": [
195
@@ -176,8 +188,8 @@
{
"schema_version": 0,
"attributes": {
"base64": "mh0DPgPT",
"hex": "9a1d033e03d3",
"base64": "sgC6CzpC",
"hex": "b200ba0b3a42",
"keepers": null,
"length": 6
},
@@ -194,8 +206,8 @@
{
"schema_version": 0,
"attributes": {
"base64": "oDZHD4QxoNQy0GvwoGFDu3chmBAhxULLJrUChCWyIGQ=",
"hex": "a036470f8431a0d432d06bf0a06143bb7721981021c542cb26b5028425b22064",
"base64": "yCtfB1v+Szg2ZU4s4XA9qkhnALZ4rcuGif5wVBm9Gzs=",
"hex": "c82b5f075bfe4b3836654e2ce1703daa486700b678adcb8689fe705419bd1b3b",
"keepers": null,
"length": 32
},
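Review bot: This state backup stores credentials in cleartext and is being committed: the `vm0_wg_config` output and the `access_wg_config` attribute both embed a WireGuard `PrivateKey`, `external_sk` repeats it, and the `mycelium_keys` entry and the 32-byte `hex`/`base64` pair look like key material as well. Git history retains both the values this revision writes and the ones it replaces, so the affected keys should be treated as exposed and rotated. Keep `*.tfstate` and `*.tfstate.backup` out of version control (a remote backend with access control, or encrypting the files with the sops setup that `tf/tfgrid-dev.tf` already uses), and note that declaring the output `sensitive = true` only redacts CLI display, not the state file itself.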
28 changes: 24 additions & 4 deletions tf/tfgrid-dev.tf
@@ -7,6 +7,11 @@ variable "nixos_flake" {
default = "github:holochain/holochain-infra/workorch-zos#tfgrid-devnet-vm0"
}

variable "build_host" {
type = string
default = "root@sj-bm-hostkey0.dev.infra.holochain.org"
}

terraform {
required_providers {
grid = {
@@ -83,6 +88,7 @@ resource "grid_deployment" "d1" {

env_vars = {
SSH_KEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAIODJoJ7Chi8jPTGmKQ5MlB7+TgNGznreeRW/K34v1ey23/FlnIxP9XyyLkzojKALTfAQYgqzrQV3HDSRwhd1rXB7YLq1/CiVWRJvDMTkJiOCV515eiUJGXu1G8e12d/USPNBMEzMJGvqBCIGYen5OxXkyIHIREfePNi5k337G5z9fiuiggxJl9ty6qZ4XIRgFQj9jAoShixP/+99I7XrGWeFQ1BmLZWzi20SQGKvogYnOszDZFqBAHGFnCFYHaTz2jOXXCtQsa27gr8D2iLRFaxvhB7XMK+VbpDcZGjmfRJ701XxFv15GFnFAV71hTaYqj/Ebpw9Vs02+gUp3+tt cardno:17_673_080"
DEPLOYMENT = "tofu"
}
}

@@ -93,18 +99,32 @@ resource "grid_deployment" "d1" {
host = grid_deployment.d1.vms[0].mycelium_ip
}

# TODO: consider generating a new key, adding it to sops, and re-encrypting the secrets
provisioner "remote-exec" {
inline = [
"set -eEux -o pipefail",

# TODO: consider generating a new key, adding it to sops, and re-encrypting the secrets
"printf '' > /etc/age.key",
"chmod 400 /etc/age.key",
"echo '${data.sops_file.static-age-keys.data["tfgrid-shared"]}' >> /etc/age.key"
"echo '${data.sops_file.static-age-keys.data["tfgrid-shared"]}' >> /etc/age.key",
]
}

provisioner "local-exec" {
command = "env NIX_SSHOPTS='-o StrictHostKeyChecking=accept-new' nixos-rebuild --no-build-nix --build-host root@sj-bm-hostkey0.dev.infra.holochain.org --target-host root@${grid_deployment.d1.vms[0].mycelium_ip} --refresh --flake ${var.nixos_flake} switch"
provisioner "remote-exec" {
inline = [
"set -eEux -o pipefail",

# switch to a deployment specific profile
# can use build-host only if the local agent has access to it
"export NIX_SSHOPTS='-o StrictHostKeyChecking=accept-new'",
# "systemctl restart dbus",
# "nixos-rebuild -v --build-host ${var.build_host} --flake ${var.nixos_flake} switch"
]
}

# TODO: figure out how to avoid evaluating on the target system.
# ssh root@sj-bm-hostkey0.dev.infra.holochain.org "nix build --print-out-paths --no-link -vL github:holochain/holochain-infra/workorch-zos#nixosConfigurations.tfgrid-devnet-vm0.config.system.build.toplevel"

}

output "vm0_wg_config" {
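Review bot: The `set -eEux -o pipefail` line in the `remote-exec` that writes `/etc/age.key` turns on xtrace, so the shell echoes the expanded `echo '…' >> /etc/age.key` command, decrypted age key included, into the provisioner output unless Terraform suppresses it for a sensitive value; use `"set -eEu -o pipefail",` in that block. The key is also interpolated into single-quoted shell text, so a value containing `'` would break the quoting; a `file` provisioner with `content` would avoid passing the secret through a command line at all. The second `remote-exec` currently only exports `NIX_SSHOPTS` because the `nixos-rebuild` line is commented out, and once it is re-enabled `StrictHostKeyChecking=accept-new` trusts whatever host key is presented on first contact, so pinning the build host's key in `known_hosts` is the safer default. The enclosing resource block starts outside this hunk.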
