
infra(chore): update bastion host vm setup [MRXNM-52] #1688

Merged
merged 3 commits into from
Sep 13, 2024

Conversation

hotzevzl
Member

  • link bastion network security group (allows public ssh access on ipv4) to bastion host NIC
  • add a small swapfile and enable it as swap when provisioning the bastion host VM
  • use latest Ubuntu LTS base image

Testing instructions

Re-creating the bastion host VM via Terraform should do all the above.

Feature relevant tickets

https://vizzuality.atlassian.net/browse/MRXNM-52


Checklist before submitting

  • Meaningful commits and code rebased on develop.
  • If this PR adds feature that should be tested for regressions when
    deploying to staging/production, please add brief testing instructions
    to the deploy checklist (docs/deployment-checklist.md)
  • Update CHANGELOG file
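The first two bullets, shown as an added illustration that is not the PR's own code: it assumes the azurerm Terraform provider, that the bastion NIC (`azurerm_network_interface.bastion`) and the `location`, `resource_group_name` and `ssh_source_prefix` variables are defined elsewhere, and that cloud-init's built-in `swap` module is used for the swapfile.

```hcl
# Added example, not the project's configuration. Names are assumptions.
resource "azurerm_network_security_group" "bastion" {
  name                = "bastion-nsg"
  location            = var.location
  resource_group_name = var.resource_group_name

  # Only TCP/22 is opened; every other inbound flow stays at the NSG default deny.
  security_rule {
    name                       = "allow-ssh-inbound"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    # "*" reproduces "public ssh access on ipv4"; a known CIDR here is the
    # usual hardening when the operator addresses are stable.
    source_address_prefix      = var.ssh_source_prefix
    destination_address_prefix = "*"
  }
}

# The "link" from the first bullet. An NSG that exists but is not associated
# with the NIC (or its subnet) is never evaluated, so SSH to the VM fails
# silently, which is the kind of breakage the review thread describes.
resource "azurerm_network_interface_security_group_association" "bastion" {
  network_interface_id      = azurerm_network_interface.bastion.id
  network_security_group_id = azurerm_network_security_group.bastion.id
}

locals {
  admin_user = "ubuntu"

  # Second bullet: cloud-init creates the swapfile on first boot (root-only
  # permissions), runs mkswap/swapon and persists it in /etc/fstab.
  cloud_init_custom_data = <<-EOF
    #cloud-config
    swap:
      filename: /swapfile
      size: 1G
      maxsize: 1G
  EOF
}
```

On an `azurerm_linux_virtual_machine` the local is passed as `custom_data = base64encode(local.cloud_init_custom_data)`; a fresh apply after bumping the image reference recreates the VM with the new base image and re-runs this cloud-init.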


```hcl
resource "tls_private_key" "ssh_private_key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

locals {
  admin_user = "ubuntu"

  cloud_init_custom_data = <<-EOF
```
Collaborator


isn't it just easier/simpler to provision a suitably beefed-up VM?

Member Author


yep, that's an option - I proposed this because we can keep the lowest ongoing cost for this, since all it actually needs to do is to tunnel connections through, and the setup for the swapfile - just in case, as maybe it "just" makes sense to reapply the config and get the VM recreated with the latest 24.04 image that includes any security fixes added by Canonical, instead of tediously doing an apt upgrade on what is essentially a disposable VM instance - was easy enough.

Collaborator

@alexeh alexeh left a comment


LGTM, besides some doubts.

I am missing the first point:
link bastion network security group (allows public ssh access on ipv4) to bastion host NIC

How was the ssh connection set up previously? I was expecting to see my public key added somewhere and that's it. Is this happening in a separate PR, or is it happening outside the repo manually?

@hotzevzl
Member Author

LGTM, besides some doubts.

I am missing the first point: link bastion network security group (allows public ssh access on ipv4) to bastion host NIC

the relevant change is in this commit: 02775f8

How was the ssh connection set up previously? I was expecting to see my public key added somewhere and that's it. Is this happening in a separate PR, or is it happening outside the repo manually?

yep, the two things are separate - I just happened to notice that "something" broke after applying the same config as before, and it turned out to be this missing NSG link.

same config as before

as in, except for the 24.04 image and the swapfile hack changes included in this PR, and applied adding your public ssh key in the relevant array in the tfvars we use (this is managed in lastpass - I have just given you access, I had missed this before 🤦🏼).

@hotzevzl hotzevzl merged commit 0dc52cd into develop Sep 13, 2024
12 checks passed
@hotzevzl hotzevzl deleted the chore/infra/MRXNM-52_update-bastion-host-vm-setup branch September 13, 2024 11:17