40 Commits

Author	SHA1	Message	Date
MichaelFisher1997	9b03cec23e	fix: correctly propagate remote command exit status	2026-03-02 00:52:24 +00:00
MichaelFisher1997	fd7be1a428	fix: require admin kubeconfig before skipping cp init	2026-03-01 23:42:56 +00:00
MichaelFisher1997	f9e7356f94	fix: make cp-1 init detection and join token generation robust	2026-03-01 21:56:59 +00:00
MichaelFisher1997	a5f0f0a420	fix: recover when admin kubeconfig is missing on primary control plane	2026-03-01 20:58:44 +00:00
MichaelFisher1997	661fbc2ff4	fix: use admin kubeconfig for final cluster node check	2026-03-01 20:31:57 +00:00
MichaelFisher1997	3fa227d7c9	feat: add SSH-based fallback for kubeadm IP inventory	2026-03-01 19:28:15 +00:00
MichaelFisher1997	718a9930e8	fix: fail fast when terraform node IP outputs are empty	2026-03-01 18:01:09 +00:00
MichaelFisher1997	7ec1ce92cf	fix: auto-detect kube-vip interface and tighten SSH fallback	2026-03-01 17:34:09 +00:00
MichaelFisher1997	88db11292d	fix: fallback SSH user per host during bootstrap steps	2026-03-01 13:34:15 +00:00
MichaelFisher1997	8bd064c828	fix: keep micqdf user during kubeadm node rebuilds	2026-03-01 13:31:46 +00:00
MichaelFisher1997	760d0e8b5b	perf: speed up first bootstrap with fast-mode defaults	2026-03-01 03:33:42 +00:00
MichaelFisher1997	3bdf3f8d84	feat: convert template-base into k8s-ready VM template	2026-03-01 01:24:45 +00:00
MichaelFisher1997	dad409a5b7	fix: restore use-remote-sudo for nixos-rebuild compatibility	2026-02-28 23:20:12 +00:00
MichaelFisher1997	45e818b113	fix: enable nix-command for remote gc and use --sudo	2026-02-28 22:55:15 +00:00
MichaelFisher1997	f5d9eba9d0	feat: parallelize worker rebuilds with retry and timeout	2026-02-28 22:15:48 +00:00
MichaelFisher1997	327c07314c	fix: reclaim remote nix store space before rebuild	2026-02-28 21:24:26 +00:00
MichaelFisher1997	3b5d04dda2	fix: force bash for remote kubeadm commands	2026-02-28 21:06:35 +00:00
MichaelFisher1997	ba912810d1	fix: preconfigure remote nix trusted-users before rebuild	2026-02-28 20:25:50 +00:00
MichaelFisher1997	5c037d9a99	fix: prefer root SSH for deploy and trust micqdf in nix	2026-02-28 20:03:26 +00:00
MichaelFisher1997	244887e9c2	fix: auto-detect SSH login user for node operations	2026-02-28 19:25:48 +00:00
MichaelFisher1997	c94c1f61d8	fix: force explicit SSH identity for kubeadm remote operations	2026-02-28 17:16:31 +00:00
MichaelFisher1997	046de9b3d4	fix: preseed known_hosts for kubeadm SSH operations	2026-02-28 17:07:43 +00:00
MichaelFisher1997	5669305e59	feat: make kubeadm workflows auto-scale with terraform outputs	2026-02-28 16:43:22 +00:00
MichaelFisher1997	f341816112	feat: run kubeadm reconcile after terraform apply on master	2026-02-28 16:39:04 +00:00
MichaelFisher1997	8bcc162956	feat: auto-discover kubeadm node IPs from terraform state	2026-02-28 16:31:23 +00:00
MichaelFisher1997	b0779c51c0	feat: add gitea workflows for kubeadm bootstrap and reset	2026-02-28 16:26:51 +00:00
MichaelFisher1997	9fe845b53d	feat: add repeatable kubeadm rebuild and reset scripts	2026-02-28 16:24:45 +00:00
MichaelFisher1997	885a92f494	chore: add lightweight flake checks for kubeadm configs	2026-02-28 16:19:37 +00:00
MichaelFisher1997	91dd20e60e	fix: escape shell expansion in kubeadm helper scripts	2026-02-28 16:12:25 +00:00
MichaelFisher1997	abac6300ca	refactor: generate kubeadm host configs from flake	2026-02-28 16:09:05 +00:00
MichaelFisher1997	7206d8cd41	feat: implement kubeadm bootstrap scaffolding for Nix nodes	2026-02-28 16:04:14 +00:00
MichaelFisher1997	21be01346b	feat: refactor infra to cp/wk kubeadm topology ... Provision 3 thin control planes and 3 workers with role-specific sizing and VMID ranges (701/711), generate per-node cloud-init snippets with SSH key injection, and add NixOS kubeadm host/module scaffolding for cp-1..3 and wk-1..3.	2026-02-28 14:16:55 +00:00
MichaelFisher1997	b3521d6c02	chore: remove baked SSH key from template user ... Rely on cloud-init SSH key injection from secrets for access rotation instead of storing an authorized key in the template config.	2026-02-28 12:45:04 +00:00
MichaelFisher1997	17834b3aa7	update: rotate SSH access via cloud-init secret ... Inject SSH public key through Terraform/cloud-init from Gitea secret so access can be rotated without rebuilding the template image.	2026-02-28 12:36:20 +00:00
MichaelFisher1997	6fada2f32a	refactor: use direct tailscale auth-key enrollment ... Stop writing auth keys to guest files and enroll nodes by running tailscale up directly via Proxmox guest agent with VM-name hostnames.	2026-02-28 12:12:58 +00:00
MichaelFisher1997	510ba707ad	fix: stabilize tailscale enrollment without cloud-init rollback ... Create /etc/tailscale before writing runtime key, add progress logging and unbuffered output in enroll script, and shorten guest-agent wait to fail faster when enrollment cannot run.	2026-02-28 12:09:40 +00:00
MichaelFisher1997	3335020db5	fix: make tailscale enrollment clone-safe and hostname-aware ... Reset cloned tailscale state before first join, remove one-shot marker dependency, and allow workflow host entries in host=hostname format so nodes join with VM-aligned tailscale names.	2026-02-28 02:01:48 +00:00
MichaelFisher1997	c0dd091b51	chore: align template base with live VM config ... Set NixOS stateVersion to 25.05 and include neovim in the default utility package set.	2026-02-28 00:44:08 +00:00
MichaelFisher1997	595df12b3e	update: automate tailscale enrollment from Gitea secrets ... Add a first-boot tailscale enrollment service to the NixOS template and wire terraform-apply to inject TS auth key at runtime from secrets, so keys are not baked into templates or repo files.	2026-02-28 00:33:14 +00:00
MichaelFisher1997	e714a56980	update: switch Terraform to NixOS template workflow ... - Point clone_template to nixos-template and trim cloud-init to Nix-safe hostname/DNS only - Remove SSH/Tailscale cloud-init variables and workflow secret dependencies - Add reusable NixOS template-base config with bootloader, Tailscale, fish, and utility packages	2026-02-28 00:06:25 +00:00