rebuild ingress vm

Vivian Lim 2024-02-03 01:09:54 -08:00
parent caba4dafff
commit e9bb7829ae
5 changed files with 199 additions and 11 deletions

164
azure-upload-vm-image.sh Executable file

@ -0,0 +1,164 @@
#!/usr/bin/env -S nix develop --command bash
# Based on https://github.com/society-for-the-blind/nixos-azure-deploy/blob/main/nixos/maintainers/scripts/azure-new/upload-image.sh
# but only the part i need, namely, uploading an image.
####################################################
# AZ LOGIN CHECK #
####################################################
# Making sure that one is logged in (to avoid
# surprises down the line).
if [ $(az account list | jq -r 'length') -eq 0 ]
then
echo '********************************************************'
echo 'Please log into Azure now, and run the script again.'
echo '********************************************************'
az login
exit 1
fi
####################################################
# HELPERS #
####################################################
show_id() {
az $1 show \
--resource-group "${resource_group}" \
--name "${img_name}" \
--query "[id]" \
--output tsv
}
usage() {
echo ''
echo 'USAGE: (Every switch requires an argument)'
echo ''
echo '-g --resource-group REQUIRED Created if does not exist. Will'
echo ' house a new disk and the created'
echo ' image.'
echo ''
echo '-n --image-name REQUIRED The name of the image created'
echo ' (and also of the new disk).'
echo ''
echo '-i --image-path Path to the image to upload.'
echo ' Generate using nixos-generators.'
echo ' Defaults to ./result/disk.vhd'
echo ''
echo '-l --location Values from `az account list-locations`.'
echo ' Default value: "westus2".'
}
####################################################
# SWITCHES #
####################################################
# https://unix.stackexchange.com/a/204927/85131
while [ $# -gt 0 ]; do
case "$1" in
-i|--image-path)
img_path="$2"
;;
-l|--location)
location="$2"
;;
-g|--resource-group)
resource_group="$2"
;;
-n|--image-name)
img_name="$2"
;;
-h|--help)
usage
exit 1
;;
*)
printf "***************************\n"
printf "* Error: Invalid argument *\n"
printf "***************************\n"
usage
exit 1
esac
shift
shift
done
if [ -z "${img_name}" ] || [ -z "${resource_group}" ]
then
printf "************************************\n"
printf "* Error: Missing required argument *\n"
printf "************************************\n"
usage
exit 1
fi
####################################################
# DEFAULTS #
####################################################
img_path_d="${img_path:-"./result/disk.vhd"}"
location_d="${location:-"westus2"}"
####################################################
# PUT IMAGE INTO AZURE CLOUD #
####################################################
# https://vaneyckt.io/posts/safer_bash_scripts_with_set_euxo_pipefail/
set -euxo pipefail
# Make resource group exists
if ! az group show --resource-group "${resource_group}" &>/dev/null
then
az group create \
--name "${resource_group}" \
--location "${location_d}"
fi
# NOTE: The disk access token song/dance is
# tedious but allows us to upload direct
# to a disk image thereby avoid storage
# accounts (and naming them) entirely!
if ! show_id "disk" &>/dev/null
then
img_file="$(readlink -f ${img_path_d})"
bytes="$(stat -c %s ${img_path_d})"
az disk create \
--resource-group "${resource_group}" \
--name "${img_name}" \
--for-upload true \
--upload-size-bytes "${bytes}"
timeout=$(( 60 * 60 )) # disk access token timeout
sasurl="$(\
az disk grant-access \
--access-level Write \
--resource-group "${resource_group}" \
--name "${img_name}" \
--duration-in-seconds ${timeout} \
--query "[accessSas]" \
--output tsv
)"
azcopy copy "${img_file}" "${sasurl}" \
--blob-type PageBlob
# https://docs.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest#az-disk-revoke-access
# > Revoking the SAS will change the state of
# > the managed disk and allow you to attach
# > the disk to a VM.
az disk revoke-access \
--resource-group "${resource_group}" \
--name "${img_name}"
fi
if ! show_id "image" &>/dev/null
then
az image create \
--resource-group "${resource_group}" \
--name "${img_name}" \
--source "$(show_id "disk")" \
--os-type "linux" >/dev/null
fi
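Review bot: `set -euxo pipefail` turns xtrace on before the `az disk grant-access` call, so the write-capable SAS URL is echoed to stderr when `sasurl` is assigned and again on the `azcopy copy` line, and it remains valid for the one-hour `timeout`. Bracket that stretch with `set +x` and `set -x`, or drop `x` from the `set` line, so the token does not end up in terminal scrollback or CI logs. Because of `-e`, a failed `azcopy` also exits before `az disk revoke-access` runs, leaving the grant live until it expires. Registering `trap 'az disk revoke-access --resource-group "${resource_group}" --name "${img_name}"' EXIT` right after the grant, and clearing it with `trap - EXIT` after the explicit revoke, covers every exit path. The unquoted `${img_path_d}` in the `readlink` and `stat` calls should be quoted as well.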


@ -132,7 +132,8 @@ in {
config.networking.extraHosts = ''
192.168.42.11 outer
192.168.42.12 mastodon-container
'';
20.120.214.87 snoot.tube
''; # temporary to put the snoot.tube ip here
config.services.tailscale.enable = true;
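Review bot: The literal `20.120.214.87` added to `config.networking.extraHosts` is marked temporary but carries no removal condition, and the same address is hard-coded again as `deployment.targetHost` in the last file section of this commit. A hosts entry takes precedence over DNS, so if this is not a reserved static address and it is later released, this machine would keep resolving `snoot.tube` to whichever host then holds it. The root deployment over SSH would also keep targeting that address, leaving certificate and SSH host-key verification as the only safeguards. Consider binding the address once and widening the comment to something like `# TODO: remove once snoot.tube DNS points at the rebuilt VM`.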


@ -11,6 +11,8 @@
users.mutableUsers = true; # allow setting password
boot.kernelParams = [ "console=ttyS0,115200" ]; # serial console
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICSY5IGCDVT+F1A1FMB7KMwDK2kg8JGVA9gkO8FyfRWR vivlim@id_ed25519_admin"
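Review bot: `users.mutableUsers = true` and the serial-console kernel parameter (apparently the two lines added here) mean root can carry a password that is set by hand on the machine and never appears in the configuration. Nothing visible in this hunk shows whether SSH password login is disabled, so unless that is set elsewhere it is worth stating `services.openssh.settings.PasswordAuthentication = false;` next to these lines, so that the password is usable only on the console. A short comment on why console login is needed (presumably recovery through the cloud provider's serial console) would also help the next reader. The `users.users.root` block continues past the end of the hunk.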


@ -129,15 +129,15 @@ in {
#rev = "999cee9611bf0ff9cff826d94151855561250489";
url = "https://git.vvn.space/vivlim/Sleeping4.git";
ref = "refs/heads/snoot-shiny";
rev = "3f748b7275a5a5955f5bb830869e52f8c272b867";
rev = "0cb5d1dd970da7d968aff1699182876ea1aca499";
};
in {
alias = "${sleeping}/";
};
};
virtualHosts."dev.snoot.tube" = {
forceSSL = true;
enableACME = true;
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "https://backend_ssh"; # ssh forwarded
proxyWebsockets = true;
@ -158,8 +158,8 @@ in {
};
};
virtualHosts."awake.snoot.tube" = {
forceSSL = true;
enableACME = true;
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "https://backend_ssh"; # ssh forwarded
proxyWebsockets = true;
@ -188,8 +188,8 @@ in {
};
};
virtualHosts."staging.snoot.tube" = {
forceSSL = true;
enableACME = true;
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "https://staging_backend_ssh"; # ssh forwarded
proxyWebsockets = true;
@ -238,8 +238,8 @@ in {
};
virtualHosts."gts.snoot.tube" = {
forceSSL = true;
enableACME = true;
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "http://gts_backend_ssh"; # ssh forwarded
proxyWebsockets = true;
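Review bot: With `forceSSL` and `enableACME` both false (taking the second line of each printed pair as the new side), `dev`, `awake`, `staging` and `gts.snoot.tube` by default get no TLS listener. Everything proxied through them, WebSocket traffic included, then crosses the network in cleartext. If this is only meant to let the rebuilt VM come up before certificates can be issued, the file does not say so, and each of the four blocks has to be reverted by hand. Consider a single `let` binding such as `tlsReady = false; # TODO: true once DNS points at the new VM`, with `forceSSL = tlsReady; enableACME = tlsReady;` in each virtual host. Each `virtualHosts` block continues beyond its hunk.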


@ -67,7 +67,7 @@
};
};
frontend = { name, nodes, pkgs, ... }: {
deployment.targetHost = "snoot.tube";
deployment.targetHost = "20.120.214.87";
deployment.targetPort = 6922;
deployment.targetUser = "root";
@ -119,6 +119,8 @@
prefetch-yarn-deps
fixup_yarn_lock
yarn-lock-converter
azure-cli
azure-storage-azcopy
build-masto-vm
];
};
@ -141,5 +143,24 @@
];
};
};
packages = {
azure-frontend = nixos-generators.nixosGenerate {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
channels = {
inherit nixpkgs;
};
inherit nixpkgs;
};
modules = [
./configs/common.nix
./configs/frontend.nix
nixos-generators.nixosModules.azure # azure base machine config.
./modules/prometheus_exporters.nix
];
format = "azure";
};
};
};
}