Bastion terraform #171
Bastion terraform #171
Conversation
zimbatm
force-pushed
the
bastion-terraform
branch
2 times, most recently
from
1ef0035 to
88438a9
Compare
|
I'd prefer not to do this until we can do the entire deployment using only terraform. This change will make deployment harder/uglier since you now need two tools to manage the infrastructure. And NixOps cannot reference output values from terraform, so you get ugly things like |
|
Ok. Note that the current NixOps deployment is broken and is blocking the fixes to the channel script in NixOS/nixos-channel-scripts#49 The latest commit deploys with terraform, but I'm hitting another issue now: nix-community/terraform-nixos#60 |
I am not very excited about terraform as a NixOS deploy tool. I've found it a bit slow, and doesn't handle partial network deployments very well. I've had good success using a combination of Terraform + Morph. Perhaps I could demo how that works? |
|
I don't really care, just pick something so I can deploy the channel script updates. With the implementation in this branch, it will also be possible to |
zimbatm
force-pushed
the
bastion-terraform
branch
3 times, most recently
from
86718db to
9a497f6
Compare
All the resources have been imported in the terraform state and have a clean plan.
zimbatm
force-pushed
the
bastion-terraform
branch
from
9a497f6 to
52b9307
Compare
|
I had to fork tweag/terraform-nixos to make it work with our sub-folder flake. |
|
Assuming that this is fine. |
This moves all the AWS resource declarations to terraform.
The terraform state has been imported from the existing resources and is clean. It's not the cleanest terraform since it's just a straight import.
The nixops state can probably be destroyed and re-created since we don't care about the old resources anymore and the state is not needed anymore.
Now it's possible to
nixos-rebuild switch --flake .#bastion --use-remote-sudoto deploy from the bastion host.Fixes #171