Commit Graph

126 Commits

Author SHA1 Message Date
ryan-distrust.co 811bfc4aa3
k/digitalocean: add a Certificate for snapshot validation webhook 2023-05-16 03:44:24 -04:00
ryan-distrust.co 26c0d26c0c
k/ingress-nginx: redirect port 22 to forgejo 2023-05-16 01:10:03 -04:00
ryan-distrust.co b6f32b61a4
k/forgejo: add SSH support 2023-05-16 00:03:01 -04:00
ryan-distrust.co baeb4480ca
k/forgejo: initial WIP commit 2023-05-15 21:51:42 -04:00
ryan-distrust.co 2e5a3e0802
docs: add guide for using sops 2023-05-15 21:51:31 -04:00
ryan-distrust.co c3bc04a6ee
k/keycloak: add docs and client secret generator 2023-05-15 21:51:16 -04:00
ryan-distrust.co ad5b94929e
k/keycloak: initial commit 2023-05-15 00:06:43 -04:00
ryan-distrust.co f5008b3294
infra/main: properly format database object as kubernetes Secret 2023-05-15 00:06:32 -04:00
ryan-distrust.co c06e656e62
terraform_modules/digitalocean_database_cluster: pass necessary flags to psql 2023-05-15 00:03:44 -04:00
ryan-distrust.co 624a23d729
k/external-dns: initial commit with DigitalOcean config 2023-05-14 15:07:05 -04:00
ryan-distrust.co e83610ce47
k/cert-manager: add DigitalOcean ClusterIssuer 2023-05-14 15:06:43 -04:00
ryan-distrust.co 6fa454652a
k/ingress-nginx: disable proxy protocol
this is done because otherwise cluster internal traffic will not work
due to kube-proxy short circuiting and nginx requiring either every
request, or no request, use proxy protocol
2023-05-14 15:05:55 -04:00
ryan-distrust.co fdcba6f75b
k/ingress-nginx: initial commit 2023-05-13 01:31:19 -04:00
ryan-distrust.co cf10ecc371
k/digitalocean: place resources in vpc-id 2023-05-13 01:31:07 -04:00
ryan-distrust.co 837587782b
terraform_modules: misc improvements, rebuild cluster 2023-05-13 01:04:48 -04:00
ryan-distrust.co 833d68c3a6
k/cilium: add Cilium CNI / operator 2023-05-13 01:04:09 -04:00
ryan-distrust.co ea3e0a26f1
k/cert-manager: bases is deprecated 2023-05-13 01:03:53 -04:00
ryan-distrust.co ffef126f03
Makefile: allow binary override 2023-05-13 01:03:35 -04:00
ryan-distrust.co b371447ce0
modules/digitalocean_talos_cluster: fix rebuilding talosctl 2023-05-12 20:11:41 -04:00
ryan-distrust.co a7eb610d38
modules/digitalocean_talos_cluster: add worker nodes to talosconfig 2023-05-12 19:49:56 -04:00
ryan-distrust.co 13812e1469
bump: src/toolchain 2023-05-12 01:00:42 -04:00
ryan-distrust.co b0d3b00b81
infra/main: add helpful fields to database users list 2023-05-12 00:54:07 -04:00
ryan-distrust.co 58f9f507de
infra/main: clean up database_users output 2023-05-12 00:45:49 -04:00
ryan-distrust.co de97ffef10
terraform_modules/digitalocean_database_cluster: initial commit 2023-05-12 00:33:41 -04:00
ryan-distrust.co 2906f910c0
Makefile: improve encryption and decryption of secrets 2023-05-12 00:32:49 -04:00
ryan-distrust.co 430622c716
infra/main/main: pass var.region instead of hardcode 2023-05-11 23:21:25 -04:00
ryan-distrust.co f28db63026
k/cert-manager: initial commit 2023-05-11 22:12:58 -04:00
ryan-distrust.co 1a3cdd1591
Makefile: add talosctl 2023-05-11 21:25:59 -04:00
ryan-distrust.co fc0a7757e3
terraform_modules/digitalocean_talos_cluster: use self made vpc 2023-05-10 21:25:27 -04:00
ryan-distrust.co cf9b4e723d
k/digitalocean: initial commit 2023-05-10 20:11:30 -04:00
ryan-distrust.co 53d10a4b6e
secrets: regenerate after new cluster 2023-05-10 19:24:21 -04:00
ryan-distrust.co d695abb3fd
infra/main: bump control plane size, bump talos image 2023-05-10 19:24:07 -04:00
ryan-distrust.co 94246b21d0
terraform_modules/digitalocean_talos_cluster: don't prepare for calico 2023-05-10 19:23:46 -04:00
ryan-distrust.co 42ad0cd6cb
terraform_modules/digitalocean_talos_cluster: initial commit 2023-05-09 07:32:53 -04:00
RyanSquared ba02325689
config: bump toolchain 2023-05-08 16:08:53 -04:00
RyanSquared 09e7c060b8
Makefile: remove hardcoded environment 2023-05-07 03:37:07 -04:00
RyanSquared 048f29c9f1
Makefile: fix after rebase 2023-05-06 16:40:40 -04:00
RyanSquared 6fb97a7b8e
Makefile: use sops only when needed 2023-05-06 16:38:12 -04:00
RyanSquared 64d3385291
Makefile: add sops 2023-05-06 16:38:04 -04:00
Lance Vick 1a9e368399
add sops binary target 2023-05-05 12:09:21 -07:00
RyanSquared 6ed53333da
move to sops for managing credentials
This must be done outside of a Makefile environment due to how it
affects the programs that run inside `make`. `sops exec-env` will
decrypt a file and export the values as environment variables for the
program specified, which in this case is the user's shell.

This commit also includes a `.sops.yaml` file with the three PGP keys
from the Makefile and regenerates the DigitalOcean PAT.
2023-05-05 00:53:31 -04:00
Lance Vick b75b1f1138
set mimetypes on web files 2023-05-04 20:59:08 -07:00
Lance Vick dc8c74238e
website deploy is a thing 2023-05-04 20:31:53 -07:00
RyanSquared abb9acb85a
Makefile: ignore time terraform has been built 2023-04-14 00:19:41 -04:00
Lance Vick 185193afc9
initial website integration 2023-04-13 21:19:08 -07:00
Lance Vick c33d79892a
use https for submodule 2023-04-13 20:58:57 -07:00
Lance Vick 78e2dda370
update toolchain 2023-04-13 20:57:16 -07:00
Lance Vick bf7262e8ba
fix all of ryans problems 2023-04-13 20:47:41 -07:00
Lance Vick fc8903f688
Merge branch 'main' of codeberg.org:distrust/stack 2023-04-13 20:23:17 -07:00
Lance Vick 1466b0cba7
working terraform state sharing 2023-04-13 20:22:35 -07:00