rebuild ingress vm
parent
caba4dafff
commit
e9bb7829ae
|
@ -0,0 +1,164 @@
|
|||
#!/usr/bin/env -S nix develop --command bash
|
||||
# Based on https://github.com/society-for-the-blind/nixos-azure-deploy/blob/main/nixos/maintainers/scripts/azure-new/upload-image.sh
|
||||
# but only the part i need, namely, uploading an image.
|
||||
|
||||
####################################################
|
||||
# AZ LOGIN CHECK #
|
||||
####################################################
|
||||
|
||||
# Making sure that one is logged in (to avoid
|
||||
# surprises down the line).
|
||||
if [ $(az account list | jq -r 'length') -eq 0 ]
|
||||
then
|
||||
echo '********************************************************'
|
||||
echo 'Please log into Azure now, and run the script again.'
|
||||
echo '********************************************************'
|
||||
az login
|
||||
exit 1
|
||||
fi
|
||||
|
||||
####################################################
|
||||
# HELPERS #
|
||||
####################################################
|
||||
|
||||
show_id() {
|
||||
az $1 show \
|
||||
--resource-group "${resource_group}" \
|
||||
--name "${img_name}" \
|
||||
--query "[id]" \
|
||||
--output tsv
|
||||
}
|
||||
|
||||
usage() {
|
||||
echo ''
|
||||
echo 'USAGE: (Every switch requires an argument)'
|
||||
echo ''
|
||||
echo '-g --resource-group REQUIRED Created if does not exist. Will'
|
||||
echo ' house a new disk and the created'
|
||||
echo ' image.'
|
||||
echo ''
|
||||
echo '-n --image-name REQUIRED The name of the image created'
|
||||
echo ' (and also of the new disk).'
|
||||
echo ''
|
||||
echo '-i --image-path Path to the image to upload.'
|
||||
echo ' Generate using nixos-generators.'
|
||||
echo ' Defaults to ./result/disk.vhd'
|
||||
echo ''
|
||||
echo '-l --location Values from `az account list-locations`.'
|
||||
echo ' Default value: "westus2".'
|
||||
}
|
||||
|
||||
####################################################
|
||||
# SWITCHES #
|
||||
####################################################
|
||||
|
||||
# https://unix.stackexchange.com/a/204927/85131
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
-i|--image-path)
|
||||
img_path="$2"
|
||||
;;
|
||||
-l|--location)
|
||||
location="$2"
|
||||
;;
|
||||
-g|--resource-group)
|
||||
resource_group="$2"
|
||||
;;
|
||||
-n|--image-name)
|
||||
img_name="$2"
|
||||
;;
|
||||
-h|--help)
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
*)
|
||||
printf "***************************\n"
|
||||
printf "* Error: Invalid argument *\n"
|
||||
printf "***************************\n"
|
||||
usage
|
||||
exit 1
|
||||
esac
|
||||
shift
|
||||
shift
|
||||
done
|
||||
|
||||
if [ -z "${img_name}" ] || [ -z "${resource_group}" ]
|
||||
then
|
||||
printf "************************************\n"
|
||||
printf "* Error: Missing required argument *\n"
|
||||
printf "************************************\n"
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
####################################################
|
||||
# DEFAULTS #
|
||||
####################################################
|
||||
|
||||
img_path_d="${img_path:-"./result/disk.vhd"}"
|
||||
location_d="${location:-"westus2"}"
|
||||
|
||||
####################################################
|
||||
# PUT IMAGE INTO AZURE CLOUD #
|
||||
####################################################
|
||||
|
||||
# https://vaneyckt.io/posts/safer_bash_scripts_with_set_euxo_pipefail/
|
||||
set -euxo pipefail
|
||||
|
||||
# Make resource group exists
|
||||
if ! az group show --resource-group "${resource_group}" &>/dev/null
|
||||
then
|
||||
az group create \
|
||||
--name "${resource_group}" \
|
||||
--location "${location_d}"
|
||||
fi
|
||||
|
||||
# NOTE: The disk access token song/dance is
|
||||
# tedious but allows us to upload direct
|
||||
# to a disk image thereby avoid storage
|
||||
# accounts (and naming them) entirely!
|
||||
|
||||
if ! show_id "disk" &>/dev/null
|
||||
then
|
||||
|
||||
img_file="$(readlink -f ${img_path_d})"
|
||||
bytes="$(stat -c %s ${img_path_d})"
|
||||
|
||||
az disk create \
|
||||
--resource-group "${resource_group}" \
|
||||
--name "${img_name}" \
|
||||
--for-upload true \
|
||||
--upload-size-bytes "${bytes}"
|
||||
|
||||
timeout=$(( 60 * 60 )) # disk access token timeout
|
||||
sasurl="$(\
|
||||
az disk grant-access \
|
||||
--access-level Write \
|
||||
--resource-group "${resource_group}" \
|
||||
--name "${img_name}" \
|
||||
--duration-in-seconds ${timeout} \
|
||||
--query "[accessSas]" \
|
||||
--output tsv
|
||||
)"
|
||||
|
||||
azcopy copy "${img_file}" "${sasurl}" \
|
||||
--blob-type PageBlob
|
||||
|
||||
# https://docs.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest#az-disk-revoke-access
|
||||
# > Revoking the SAS will change the state of
|
||||
# > the managed disk and allow you to attach
|
||||
# > the disk to a VM.
|
||||
az disk revoke-access \
|
||||
--resource-group "${resource_group}" \
|
||||
--name "${img_name}"
|
||||
fi
|
||||
|
||||
if ! show_id "image" &>/dev/null
|
||||
then
|
||||
|
||||
az image create \
|
||||
--resource-group "${resource_group}" \
|
||||
--name "${img_name}" \
|
||||
--source "$(show_id "disk")" \
|
||||
--os-type "linux" >/dev/null
|
||||
fi
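Review bot: `set -euxo pipefail` is already active when `sasurl` is assigned and handed to `azcopy copy`, so the write-capable SAS URL is echoed into the xtrace output and into any terminal or CI log that captures it. The token is also never revoked when `azcopy` fails, because `set -e` exits before `az disk revoke-access` and leaves it valid for the rest of its 3600-second lifetime. Switching tracing off around the grant and the copy, and revoking from an `EXIT` trap, closes both gaps. Separately, a failed copy leaves the disk in place, so a rerun skips this branch on `show_id "disk"` and goes straight to `az image create`; that probably needs its own cleanup step.
```shell
  set +x  # the SAS URL is a write credential; keep it out of the trace
  sasurl="$(
    # … unchanged: az disk grant-access call …
  )"
  # Revoke on every exit path so a failed copy does not leave the SAS live.
  trap 'az disk revoke-access --resource-group "${resource_group}" --name "${img_name}"' EXIT

  azcopy copy "${img_file}" "${sasurl}" \
    --blob-type PageBlob
  set -x

  # … unchanged: az disk revoke-access call …
  trap - EXIT
```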
|
|
@ -132,7 +132,8 @@ in {
|
|||
config.networking.extraHosts = ''
|
||||
192.168.42.11 outer
|
||||
192.168.42.12 mastodon-container
|
||||
'';
|
||||
20.120.214.87 snoot.tube
|
||||
''; # temporary to put the snoot.tube ip here
|
||||
|
||||
config.services.tailscale.enable = true;
|
||||
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
|
||||
users.mutableUsers = true; # allow setting password
|
||||
|
||||
boot.kernelParams = [ "console=ttyS0,115200" ]; # serial console
|
||||
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICSY5IGCDVT+F1A1FMB7KMwDK2kg8JGVA9gkO8FyfRWR vivlim@id_ed25519_admin"
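Review bot: `users.mutableUsers = true;` (reading the two commented lines as the additions in this hunk) lets a root password be set imperatively on the VM, where it is neither visible in the repository nor reset by a rebuild. Combined with the serial console enabled through `boot.kernelParams`, that adds a password login path for root alongside the authorized key. If the goal is a recovery password for the serial console, declaring it with `users.users.root.hashedPasswordFile` would let `mutableUsers` stay off. It is also worth confirming that SSH password authentication is disabled, which this hunk does not show. The `users.users.root` block continues outside the hunk.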
|
||||
|
|
|
@ -129,15 +129,15 @@ in {
|
|||
#rev = "999cee9611bf0ff9cff826d94151855561250489";
|
||||
url = "https://git.vvn.space/vivlim/Sleeping4.git";
|
||||
ref = "refs/heads/snoot-shiny";
|
||||
rev = "3f748b7275a5a5955f5bb830869e52f8c272b867";
|
||||
rev = "0cb5d1dd970da7d968aff1699182876ea1aca499";
|
||||
};
|
||||
in {
|
||||
alias = "${sleeping}/";
|
||||
};
|
||||
};
|
||||
virtualHosts."dev.snoot.tube" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
locations."/" = {
|
||||
proxyPass = "https://backend_ssh"; # ssh forwarded
|
||||
proxyWebsockets = true;
|
||||
|
@ -158,8 +158,8 @@ in {
|
|||
};
|
||||
};
|
||||
virtualHosts."awake.snoot.tube" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
locations."/" = {
|
||||
proxyPass = "https://backend_ssh"; # ssh forwarded
|
||||
proxyWebsockets = true;
|
||||
|
@ -188,8 +188,8 @@ in {
|
|||
};
|
||||
};
|
||||
virtualHosts."staging.snoot.tube" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
locations."/" = {
|
||||
proxyPass = "https://staging_backend_ssh"; # ssh forwarded
|
||||
proxyWebsockets = true;
|
||||
|
@ -238,8 +238,8 @@ in {
|
|||
};
|
||||
|
||||
virtualHosts."gts.snoot.tube" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
locations."/" = {
|
||||
proxyPass = "http://gts_backend_ssh"; # ssh forwarded
|
||||
proxyWebsockets = true;
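Review bot: `forceSSL = false;` and `enableACME = false;` on `dev.snoot.tube`, and likewise on `awake.snoot.tube`, `staging.snoot.tube` and `gts.snoot.tube` in the later hunks, leave these proxied hosts reachable over plain HTTP with no redirect, so logins and session cookies for the backends would travel unencrypted. This reads the second pair in each hunk as the new side, since the page does not mark which is which. If TLS is off only until ACME validation works against the rebuilt VM, say so on each host the way the `extraHosts` entry in this commit does, for example `forceSSL = false; # TEMPORARY: re-enable together with enableACME once DNS points at the new VM`. A single let-bound flag shared by the four hosts would also make the revert a one-line change. Each `virtualHosts` block continues outside its hunk.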
|
||||
|
|
23
flake.nix
23
flake.nix
|
@ -67,7 +67,7 @@
|
|||
};
|
||||
};
|
||||
frontend = { name, nodes, pkgs, ... }: {
|
||||
deployment.targetHost = "snoot.tube";
|
||||
deployment.targetHost = "20.120.214.87";
|
||||
deployment.targetPort = 6922;
|
||||
deployment.targetUser = "root";
|
||||
|
||||
|
@ -119,6 +119,8 @@
|
|||
prefetch-yarn-deps
|
||||
fixup_yarn_lock
|
||||
yarn-lock-converter
|
||||
azure-cli
|
||||
azure-storage-azcopy
|
||||
build-masto-vm
|
||||
];
|
||||
};
|
||||
|
@ -141,5 +143,24 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
packages = {
|
||||
azure-frontend = nixos-generators.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
channels = {
|
||||
inherit nixpkgs;
|
||||
};
|
||||
inherit nixpkgs;
|
||||
};
|
||||
modules = [
|
||||
./configs/common.nix
|
||||
./configs/frontend.nix
|
||||
nixos-generators.nixosModules.azure # azure base machine config.
|
||||
./modules/prometheus_exporters.nix
|
||||
];
|
||||
format = "azure";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
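Review bot: `deployment.targetHost = "20.120.214.87";` in the `frontend` node carries no marker that it is temporary, although the same address is flagged as temporary in the `extraHosts` hunk of this commit. A comment such as `# temporary: revert to "snoot.tube" once DNS points at the rebuilt VM` would keep the two copies in step. This assumes the IP line is the new side of the hunk. Because the deployment connects as `root` over SSH to a freshly rebuilt machine, the new host key should be verified out of band on first connect rather than accepted blindly; the hunk does not show how that is handled.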
|
||||
|
|