IPv6 support

[divergentdave]

EC2 will soon support IPv6! We should make oversight.garden support IPv6 when support hits us-east-1. (watch https://console.aws.amazon.com/vpc/home?region=us-east-1#vpcs:)

• [x] Assign IPv6 CIDR block to VPC
• [x] Make sure official Ubuntu AMIs are dual-stack
• [x] Update aws-sdk Ruby gem (v2.6.31 or newer)
• [x] Update AWS rake tasks to set AAAA DNS records in addition to A
• [x] Make sure nginx configuration is set up to listen on both IPv4 and IPv6 addresses
• [x] Test out over LTE

[divergentdave]

The game is afoot! https://aws.amazon.com/blogs/aws/aws-ipv6-update-global-support-spanning-15-regions-multiple-aws-services/

[divergentdave]

I've manually associated IPv6 subnets with the VPC and all subnets, assigned IPv6 addresses to the running instances, and added AAAA records in Route 53 for staging.oversight.garden. Next: testing

[divergentdave]

That didn't work. In addition to updating the Rake tasks, I also need to add listen [::]:80;/listen [::]:443; to the nginx configuration.

[divergentdave]

It turns out this and #175 are blocked on EC2 Autoscaling Groups. Right now, you can only specify in launch configurations that instances are automatically assigned IPv4 addresses, and when you spin it up, instances don't get assigned IPv6 addresses.

I have half a mind to ditch the autoscaling group setup, and just use a regular instance for the web server. We aren't reaping any benefits from this, it's a pain to deal with the API differences between EC2 and EC2 ASG, and we don't actually have an ELB in front of the whole group, just a DNS record that's updated at provision time. But that's all for another day. Maybe this could be my first Terraform project?

[konklone]

Maybe this could be my first Terraform project?

I haven't done a ton with it myself, but my colleagues have and it's supposed to be pretty damn straightforward.