gaslightctf/infra

infra

gaslightCTF infrastructure as code. Extremely overengineered (<3 Nix)

Manages the following resources:

  • terranix/
    • GCE network, subnet, firewall
      • GCE subnet, firewall
      • GCE network LB
    • GCE instances
    • Cloudflare DNS records
      • play[-dev]. -> network-lb
      • chall[-dev]. -> network-lb
  • colmena/
    • NixOS config for k3s nodes
    • monitoring
      • logs go somewhere
      • metrics go somewhere
  • nixidy/
    • storage
      • CSI GCE PD driver
    • cilium config
    • Traefik config
      • cert-manager
    • berg deployment
    • argocd config

adding a new host

  • add instances.[name].enable = true to ./terranix/infra/default.nix
    • tofu-dev apply
  • just sync dev, update ./data/keys.nix

terranix

tofu-dev init
tofu-dev apply -concise

# update ./secrets/dev/k8s/observability.yaml
tofu-dev state show -show-sensitive google_storage_hmac_key.openobserve
tofu-dev state show -show-sensitive google_storage_hmac_key.k8up

nixidy

just build-nixidy dev
just switch-nixidy dev

kubectl access

just fetch-kubeconfig
screen -dm just forward-kubectl

bootstrapping cluster

tofu-dev apply
just sync

# because flakes are stupid
jj

just provision dev eevee
just provision dev vaporeon
...

just fetch-kubeconfig
screen -dm just forward-kubectl

patch-pod-cidrs
nixidy apply .#dev
nixidy bootstrap .#dev | kubectl apply -f-

About

opentofu + nixos + k8s config for gaslightCTF
