ops: files!

2026-02-09 12:29:19 -08:00 · 2023-01-30 11:47:03 -08:00 · 2023-01-30 11:47:03 -08:00 · a28e1ce6e2
commit a28e1ce6e2
parent 6256149a90
4 changed files with 10 additions and 9 deletions
--- a/iac/files.go
+++ b/iac/files.go
@ -14,16 +14,18 @@ func createPulumiFile(ctx *pulumi.Context, name string, value pulumi.StringOutpu
  data_root := path.Join(repo_root, "./data")
  ctx.Export(name, value)
  return local.NewCommand(ctx, name, &local.CommandArgs{
-    Create: pulumi.String(fmt.Sprintf("pulumi stack output %s --show-secrets > %s", name, name)),
-    Update: pulumi.String(fmt.Sprintf("pulumi stack output %s --show-secrets > %s", name, name)),
+    Create: pulumi.String(fmt.Sprintf("pulumi stack output %s --non-interactive --show-secrets > %s", name, name)),
+    Update: pulumi.String(fmt.Sprintf("pulumi stack output %s --non-interactive --show-secrets > %s", name, name)),
    Delete: pulumi.String(fmt.Sprintf("rm %s", name)),
    Dir: pulumi.String(data_root),
+    Environment: goMapToPulumiMap(map[string]string{
+      "PULUMI_SKIP_UPDATE_CHECK": "true",
+    }),
  }, pulumi.DependsOn([]pulumi.Resource{resource}))
 }

 func PKITLSFiles(ctx *pulumi.Context, files_ map[string]*local.Command, keys map[string]*tls.PrivateKey, certs map[string]*tls.LocallySignedCert) (files map[string]*local.Command, err error) {
  for name_, key := range keys {
-    ctx.Log.Info("mew!", nil)
    name := fmt.Sprintf("%s-file", name_)
    files_[name], err = createPulumiFile(ctx, name, key.PrivateKeyPem, key)
    if err != nil {
--- a/iac/ssh.go
+++ b/iac/ssh.go
--- a/iac/tailscale.go
+++ b/iac/tailscale.go
@ -96,13 +96,12 @@ func HandleTSHostCerts(ctx *pulumi.Context,
  keys = make(map[string]*tls.PrivateKey)
  crs = make(map[string]*tls.CertRequest)
  certs = make(map[string]*tls.LocallySignedCert)
-
  for _, device := range tailnet.Devices {
    if device.User != "kat@inskip.me" {
-      return nil, nil, nil, err
+      continue
    }
    name := strings.Split(device.Name, ".")[0]
-    keys[name], crs[name], certs[name], err = HandleTSHostCert(ctx, device, ca_key, ca_cert)
+    keys[fmt.Sprintf("ts-%s-host-key", name)], crs[fmt.Sprintf("ts-%s-host-cr", name)], certs[fmt.Sprintf("ts-%s-host-cert", name)], err = HandleTSHostCert(ctx, device, ca_key, ca_cert)
    if err != nil {
      return nil, nil, nil, err
    }
--- a/iac/tls.go
+++ b/iac/tls.go
@ -18,7 +18,7 @@ func generateKeyPair(ctx *pulumi.Context,
  key, err = tls.NewPrivateKey(ctx, fmt.Sprintf("%s-key", purpose), &tls.PrivateKeyArgs{
    Algorithm: pulumi.String("RSA"),
    RsaBits: pulumi.Int(4096),
-  })
+  }, pulumi.DependsOn([]pulumi.Resource{ca_key, ca_cert}))
  if err != nil {
    return nil, nil, nil, err
  }
@ -30,7 +30,7 @@ func generateKeyPair(ctx *pulumi.Context,
      CommonName: pulumi.String("inskip.me"),
      Organization: pulumi.String("Kat Inskip"),
    },
-  })
+  }, pulumi.DependsOn([]pulumi.Resource{ca_key, ca_cert, key}))
  if err != nil {
    return nil, nil, nil, err
  }
@ -46,7 +46,7 @@ func generateKeyPair(ctx *pulumi.Context,
    CertRequestPem: cr.CertRequestPem,
    ValidityPeriodHours: pulumi.Int(1440),
    EarlyRenewalHours: pulumi.Int(168),
-  })
+  }, pulumi.DependsOn([]pulumi.Resource{ca_key, ca_cert, key, cr}))
  if err != nil {
    return nil, nil, nil, err
  }