new hosts vps
@@ -12,3 +12,17 @@ Provision a Linode-compatible VPS image, bootstrap secrets securely, and enable
4. Enroll the host by adding its public key as a secrets recipient and re-encrypt required secrets.
5. Trigger a rebuild from an explicitly authorized operator machine to apply secrets and confirm core services start successfully.
6. Validate the remote rebuild workflow from an explicitly authorized operator machine.
## Validation Checklist
- vps boots with network connectivity and remote access.
- Secrets are available after enrollment and follow-up deployment.
- Remote rebuild completes from an explicitly authorized operator machine.
- Existing host and image builds complete after migration.
## Validation Log
- vps connectivity: pending
- secrets enrollment: pending
- remote rebuild: pending
- existing host/image builds: pending
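Review bot: step 4 enrolls the host's public key as a secrets recipient without any step that verifies the key first; whatever key is added here gains access to every secret re-encrypted in the same step, so the operator should confirm the key out of band (for example compare the value shown on the VPS console with what was received over the network) before re-encrypting. Suggest inserting that check as its own numbered step before step 4, and defining once where "explicitly authorized operator machine" is recorded, since steps 5 and 6 and the Validation Checklist all rely on that term without saying what qualifies.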
@@ -34,7 +34,7 @@ description: "Task list for VPS Image Migration"
- [X] T003 Update `parts/packages.nix` to build `emacs-vm` from nixpkgs/NixOS outputs (remove nixos-generators usage)
- [X] T004 Remove nixos-generators input from `flake.nix`
- [X] T005 Update `flake.lock` to drop nixos-generators entries
- [ ] T006 STOP: Ask user to validate `emacs-vm` build works without nixos-generators (confirm before proceeding) (reference `parts/packages.nix`)
- [X] T006 STOP: Ask user to validate `emacs-vm` build works without nixos-generators (confirm before proceeding) (reference `parts/packages.nix`)
**Checkpoint**: Foundation ready after user confirmation
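Review bot: T006 is a STOP gate ("Ask user to validate `emacs-vm` build works without nixos-generators") and is flipped to [X] with nothing in the hunk recording that the confirmation happened; suggest noting it next to the checkpoint, e.g. `**Checkpoint**: Foundation ready after user confirmation (confirmed <date>, build command run)`, so the gate is auditable rather than just ticked.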
@@ -48,11 +48,11 @@ description: "Task list for VPS Image Migration"
### Implementation for User Story 1
- [ ] T007 [US1] Create `hosts/vps/configuration.nix` with base imports and minimal networking/remote access enablement
- [ ] T008 [US1] Register vps host in `parts/hosts.nix` using existing `createConfig` pattern
- [ ] T009 [US1] Add a Linode image build output for vps in `parts/packages.nix` using the upstream NixOS image workflow
- [ ] T010 [US1] Document the vps host entry and image artifact location in `docs/reference/index.md`
- [ ] T011 [US1] Add a manual validation checklist entry for vps boot connectivity and remote access in `specs/003-vps-image-migration/quickstart.md`
- [X] T007 [US1] Create `hosts/vps/configuration.nix` with base imports and minimal networking/remote access enablement
- [X] T008 [US1] Register vps host in `parts/hosts.nix` using existing `createConfig` pattern
- [X] T009 [US1] Add a Linode image build output for vps in `parts/packages.nix` using the upstream NixOS image workflow
- [X] T010 [US1] Document the vps host entry and image artifact location in `docs/reference/index.md`
- [X] T011 [US1] Add a manual validation checklist entry for vps boot connectivity and remote access in `specs/003-vps-image-migration/quickstart.md`
**Checkpoint**: vps image builds and can boot with connectivity
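Review bot: T007 enables "minimal networking/remote access" and the checkpoint declares the host bootable with connectivity before the secure posture of T012 (the next story) is applied, so there is a window where the first boot is reachable in its weakest configuration; suggest T007 state the baseline for that remote access (key-only login, no password authentication) and T011's checklist entry verify it, rather than deferring all hardening to User Story 2.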
@@ -66,10 +66,10 @@ description: "Task list for VPS Image Migration"
### Implementation for User Story 2
- [ ] T012 [US2] Set secure host posture for vps in `hosts/vps/configuration.nix` (secureHost enabled, secrets gated)
- [ ] T013 [US2] Add vps-specific sops-nix bootstrap settings in `hosts/vps/configuration.nix` (generate key on first boot; no baked key)
- [ ] T014 [US2] Document the enrollment and re-encryption steps in `docs/playbooks/enroll-vps.md`
- [ ] T015 [US2] Update secrets guidance to reference the vps enrollment flow in `docs/constitution.md`
- [X] T012 [US2] Set secure host posture for vps in `hosts/vps/configuration.nix` (secureHost enabled, secrets gated)
- [X] T013 [US2] Add vps-specific sops-nix bootstrap settings in `hosts/vps/configuration.nix` (generate key on first boot; no baked key)
- [X] T014 [US2] Document the enrollment and re-encryption steps in `docs/playbooks/enroll-vps.md`
- [X] T015 [US2] Update secrets guidance to reference the vps enrollment flow in `docs/constitution.md`
**Checkpoint**: vps can boot without secrets, then unlocks secrets after enrollment and redeploy
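Review bot: T013's "no baked key" property has no verification anywhere in this story; the checkpoint only asserts that the host boots without secrets. Suggest a task or checklist entry that inspects the image artifact produced by T009 for any pre-placed sops/age key material, and that the playbook from T014 state that a freshly generated key on first boot is the expected condition, so a regression that bakes a key into the image would be caught.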
@@ -83,8 +83,8 @@ description: "Task list for VPS Image Migration"
### Implementation for User Story 3
- [ ] T016 [US3] Add a rebuild helper script in `scripts/rebuild-vps.sh` with clear inputs and safety checks
- [ ] T017 [US3] Document remote rebuild usage and prerequisites (explicitly authorized operator machines only) in `docs/playbooks/vps-rebuild.md`
- [X] T016 [US3] Add a rebuild helper script in `scripts/rebuild-vps.sh` with clear inputs and safety checks
- [X] T017 [US3] Document remote rebuild usage and prerequisites (explicitly authorized operator machines only) in `docs/playbooks/vps-rebuild.md`
**Checkpoint**: remote rebuild flow is repeatable and documented
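Review bot: T016 promises "safety checks" and T017 restricts use to "explicitly authorized operator machines only", but neither line says how `scripts/rebuild-vps.sh` recognises an authorized machine or confirms it is talking to the intended host; suggest T017 document the mechanism (an explicit allowlist of operator machines and a pinned host key for the VPS) and T016 have the script refuse to proceed when either check fails, otherwise the restriction exists only in the documentation.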
@@ -94,8 +94,8 @@ description: "Task list for VPS Image Migration"
**Purpose**: Final consistency checks and documentation polish
- [ ] T018 [P] Ensure vps host is referenced in any host inventories or indexes in `docs/reference/index.md`
- [ ] T019 Validate quickstart steps still match implementation in `specs/003-vps-image-migration/quickstart.md`
- [X] T018 [P] Ensure vps host is referenced in any host inventories or indexes in `docs/reference/index.md`
- [X] T019 Validate quickstart steps still match implementation in `specs/003-vps-image-migration/quickstart.md`
- [ ] T020 Validate existing host/image builds after migration (document results in `specs/003-vps-image-migration/quickstart.md`)
---
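Review bot: T019 ("Validate quickstart steps still match implementation") is marked done while the Validation Log added to the quickstart in this same commit lists every item as pending, and T020 stays open; either keep T019 open until the log holds actual results or state in T019 what was checked, so the task list and the quickstart do not contradict each other.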