Rework access management & deployment for the NixOS core infra #324
Comments
Sounds good overall. I would even remove the bastion and wireguard. Make things simple. Take a step back. And then once you're comfortable, re-introduce appropriate security measures. If you have the NixOS firewall enabled, and password auth disabled on OpenSSH, things are already pretty secure.
Might be worth introducing Tailscale for access management and ssh. It would probably make it cleaner to handle ACLs and access control in general.
I won't be making much progress on this for the next ~7 days, so current progress on nixops removal is dumped at master...delroth:nixos-org-configurations:remove-nixops if someone wants to move things forward in the meantime.
I think we can call this fixed:

- infra-build can ssh `root@{eris,haumea,rhea}.nixos.org`
- Everything can now be done with a `nixos-rebuild --flake`. In the future we can add colmena support for convenience.
- `delft/*` now uses agenix. TBD: moving non-critical-infra to agenix too to align.
Please take this as an RFC and feel free to yell at what seems to be a bad idea and/or suggest improvements.

Goals

- `nixops ssh` from `bastion`, some only accessible via `ssh` on Wireguard, varying login usernames depending on the host.
- `nixops` and manual on-host `nixos-rebuild`.
- `bastion` deployed via `nixops`, and manually deployed secret files on `rhea` and `bastion`.

Plan

- `root` SSH access for all core infra SSH keys.
- `sops-nix`.
- `non-critical-infra`.
- `nixops` completely.
- `outputs.nixosConfigurations` per machine, as well as `outputs.colmena` for `colmena` compat for remote deployment.
- `rhea`. So for now, until new use cases appear for this, let's stop relying on any cross-machine configuration and keep every `nixosConfiguration` independently evaluable.

Future improvements

- `bastion` and get rid of it.
- `nixops` is dead + secrets versioned, the use case for `bastion` kind of goes away (no more unversioned state required for a deployment tool).
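The following `flake.nix` is an added illustration of the plan above (one independently evaluable `nixosConfigurations` entry per machine, a matching `outputs.colmena` for remote deployment, secrets in `sops-nix`, and key-only root SSH), and it also shows the firewall-plus-no-password-auth baseline mentioned in the first comment. It is not the nixos-org-configurations repository's own flake: the host names come from this thread, while the authorized key, the `secrets.yaml` path, the `example-token` secret, the `stateVersion` and the per-host module layout are placeholders.

```nix
{
  description = "Added example: per-machine nixosConfigurations + colmena output with sops-nix (not the real nixos-org-configurations flake)";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, sops-nix, ... }:
    let
      lib = nixpkgs.lib;
      system = "x86_64-linux";

      # Hosts named in the thread; their real per-host modules are not on this page.
      hosts = [ "eris" "haumea" "rhea" ];

      # Baseline shared by every machine: firewall on, key-only SSH, root login
      # limited to keys, secrets decrypted from a versioned sops file.
      common = { config, ... }: {
        networking.firewall.enable = true;

        services.openssh = {
          enable = true;
          settings = {
            PasswordAuthentication = false;
            KbdInteractiveAuthentication = false;
            PermitRootLogin = "prohibit-password";
          };
        };

        # Placeholder key; the actual core-infra keys are not on this page.
        users.users.root.openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA_PLACEHOLDER core-infra@example"
        ];

        # sops-nix decrypts with the host's own SSH host key (used as an age key),
        # so no unversioned deployment-tool state is needed for secrets.
        sops.defaultSopsFile = ./secrets.yaml;  # assumed path
        sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
        sops.secrets."example-token" = { owner = "root"; mode = "0400"; };  # assumed secret

        system.stateVersion = "23.11";  # assumed
      };

      # Every host evaluates on its own: nothing here references another machine.
      mkHost = name: lib.nixosSystem {
        inherit system;
        modules = [
          common
          sops-nix.nixosModules.sops
          { networking.hostName = name; }
          # Per-host settings would be imported here, e.g. ./hosts/<name>.nix (assumed layout).
        ];
      };
    in {
      # Per machine: nixos-rebuild switch --flake .#eris --target-host root@eris.nixos.org
      nixosConfigurations = lib.genAttrs hosts mkHost;

      # The same modules exposed for `colmena apply`, deploying as root over SSH.
      colmena = {
        meta.nixpkgs = import nixpkgs { inherit system; };
      } // lib.genAttrs hosts (name: {
        deployment.targetHost = "${name}.nixos.org";
        deployment.targetUser = "root";
        imports = [
          common
          sops-nix.nixosModules.sops
          { networking.hostName = name; }
        ];
      });
    };
}
```

Because `nixosConfigurations` and `colmena` are built from the same module list, `nixos-rebuild --flake` and `colmena apply` produce the same system closure for a host, and adding a machine is one entry in `hosts` plus its own module, with no cross-machine state to keep in sync.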