
refactor(infra): move NixOS to separate module

Khue Doan 0448ff72 945c74a4

+106 -113
-38
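--- a/infra/_modules/hetzner-nixos/main.tf
+++ b/infra/_modules/hetzner-nixos/main.tf
@@ -1,38 +0,0 @@
-resource "hcloud_ssh_key" "main" {
-# TODO better key gen
-name = "workstation"
-public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG"
-}
-
-resource "hcloud_server" "nodes" {
-for_each = var.nodes
-
-name = each.key
-server_type = "cax11"
-public_net {
-ipv4_enabled = true
-ipv6_enabled = true
-}
-image = "debian-13" # Only used to bootstrap nixos-anywhere
-location = each.value.location
-ssh_keys = [
-hcloud_ssh_key.main.id
-]
-}
-
-module "nixos" {
-for_each = hcloud_server.nodes
-
-source = "git::https://github.com/nix-community/nixos-anywhere//terraform/all-in-one?ref=main"
-nixos_system_attr = "${var.nixos.flake}#nixosConfigurations.${var.nixos.host}.config.system.build.toplevel"
-nixos_partitioner_attr = "${var.nixos.flake}#nixosConfigurations.${var.nixos.host}.config.system.build.diskoScript"
-target_host = each.value.ipv4_address # TODO switch to IPv6, see https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud
-instance_id = each.value.name
-
-# extra_files_script = "${path.module}/decrypt-ssh-secrets.sh"
-# disk_encryption_key_scripts = [{
-# path = "/tmp/secret.key"
-# # script is below
-# script = "${path.module}/decrypt-zfs-key.sh"
-# }]
-}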
infra/_modules/hetzner-nixos/outputs.tf infra/_modules/hetzner-vm/outputs.tf
-12
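--- a/infra/_modules/hetzner-nixos/variables.tf
+++ b/infra/_modules/hetzner-nixos/variables.tf
@@ -1,12 +0,0 @@
-variable "nodes" {
-type = map(object({
-location = string
-}))
-}
-
-variable "nixos" {
-type = object({
-flake = string
-host = string
-})
-}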
-2
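--- a/infra/_modules/hetzner-nixos/versions.tf
+++ b/infra/_modules/hetzner-vm/versions.tf
@@ -6,5 +6,3 @@
 }
 }
 }
-
-# TODO export HCLOUD_TOKEN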
+21
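--- a/infra/_modules/hetzner-vm/main.tf
+++ b/infra/_modules/hetzner-vm/main.tf
@@ -0,0 +1,21 @@
+resource "hcloud_ssh_key" "main" {
+# TODO better key gen
+name = "workstation"
+public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG"
+}
+
+resource "hcloud_server" "nodes" {
+for_each = var.nodes
+
+name = each.key
+server_type = "cax11"
+public_net {
+ipv4_enabled = true
+ipv6_enabled = true
+}
+image = "debian-13" # Only used to bootstrap nixos-anywhere
+location = each.value.location
+ssh_keys = [
+hcloud_ssh_key.main.id
+]
+}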
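Review bot: Nothing visible in this commit installs NixOS on these nodes any more: `hcloud_server.nodes` still boots `debian-13` with public IPv4 and IPv6, and the comment on `image` says that image is only there to bootstrap nixos-anywhere, but the only visible caller of the new nixos module (infra/production/nixos/terragrunt.hcl) passes the Proxmox host alone. If that is the whole picture, the Hetzner nodes stay on the bootstrap image, reachable over SSH with the workstation key and with no `firewall_ids` set in the visible lines. Either add these nodes to the `hosts` map of the nixos unit or record the gap next to the image line, e.g. `# TODO not yet passed to the nixos module; node stays on the bootstrap image`. outputs.tf is renamed without visible content, so whether the addresses are exported cannot be checked from this page.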
+5
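--- a/infra/_modules/hetzner-vm/variables.tf
+++ b/infra/_modules/hetzner-vm/variables.tf
@@ -0,0 +1,5 @@
+variable "nodes" {
+type = map(object({
+location = string
+}))
+}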
+9
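--- a/infra/_modules/nixos/main.tf
+++ b/infra/_modules/nixos/main.tf
@@ -0,0 +1,9 @@
+module "nixos" {
+for_each = var.hosts
+
+source = "git::https://github.com/nix-community/nixos-anywhere//terraform/all-in-one?ref=main"
+nixos_system_attr = "${var.flake}#nixosConfigurations.${each.key}.config.system.build.toplevel"
+nixos_partitioner_attr = "${var.flake}#nixosConfigurations.${each.key}.config.system.build.diskoScript"
+target_host = each.value.ipv6_address
+instance_id = each.key
+}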
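Review bot: The module `source` tracks `?ref=main`, so each `tofu init` can fetch whatever the nixos-anywhere main branch holds at that moment, and this module is handed the `diskoScript` partitioner attribute and an SSH target for every host. Pin it to a release tag or a full commit SHA and bump it deliberately, e.g. `source = "git::https://github.com/nix-community/nixos-anywhere//terraform/all-in-one?ref=<pinned-tag-or-commit-sha>"`. The `.terraform.lock.hcl` added under infra/production/nixos records provider hashes only, so it does not pin this module source.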
+9
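--- a/infra/_modules/nixos/variables.tf
+++ b/infra/_modules/nixos/variables.tf
@@ -0,0 +1,9 @@
+variable "flake" {
+type = string
+}
+
+variable "hosts" {
+type = map(object({
+ipv6_address = string
+}))
+}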
-10
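--- a/infra/_modules/proxmox-nixos/main.tf
+++ b/infra/_modules/proxmox-vm/main.tf
@@ -57,13 +57,3 @@
 
 create_duration = "30s"
 }
-
-module "main" {
-source = "git::https://github.com/nix-community/nixos-anywhere//terraform/all-in-one?ref=main"
-nixos_system_attr = "${var.nixos.flake}#nixosConfigurations.${var.nixos.host}.config.system.build.toplevel"
-nixos_partitioner_attr = "${var.nixos.flake}#nixosConfigurations.${var.nixos.host}.config.system.build.diskoScript"
-target_host = proxmox_virtual_environment_vm.main.ipv6_addresses[1][0]
-instance_id = proxmox_virtual_environment_vm.main.id
-
-depends_on = [time_sleep.wait_for_ip]
-}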
infra/_modules/proxmox-nixos/terraform.tf infra/_modules/proxmox-vm/terraform.tf
-7
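--- a/infra/_modules/proxmox-nixos/variables.tf
+++ b/infra/_modules/proxmox-vm/variables.tf
@@ -7,13 +7,6 @@
 default = "proxmox"
 }
 
-variable "nixos" {
-type = object({
-flake = string
-host = string
-})
-}
-
 variable "cpu" {
 type = object({
 cores = number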
+3
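--- a/infra/_modules/proxmox-vm/outputs.tf
+++ b/infra/_modules/proxmox-vm/outputs.tf
@@ -0,0 +1,3 @@
+output "ipv6_address" {
+value = proxmox_virtual_environment_vm.main.ipv6_addresses[1][0]
+}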
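Review bot: The output indexes `ipv6_addresses[1][0]` with no guard and no link to `time_sleep.wait_for_ip`; the `depends_on` that made the installer wait for the address was dropped together with the removed `module "main"` in main.tf. If the guest has not reported its addresses yet, or the interface order differs from what the indices assume, the nixos unit gets an evaluation error or possibly an unintended address as its SSH target. Add `depends_on = [time_sleep.wait_for_ip]` to the output and a `description` stating which interface and address the two indices are meant to select.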
+1 -5
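--- a/infra/production/hetzner/compute/terragrunt.hcl
+++ b/infra/production/hetzner/compute/terragrunt.hcl
@@ -4,7 +4,7 @@
 }
 
 terraform {
-source = "${find_in_parent_folders("_modules")}//hetzner-nixos"
+source = "${find_in_parent_folders("_modules")}//hetzner-vm"
 }
 
 inputs = {
@@ -18,9 +18,5 @@
 # "worker-2" = {
 # location = "fsn1"
 # }
-}
-nixos = {
-flake = "${find_in_parent_folders("_modules")}/nixos"
-host = "k3s-arm"
 }
 }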
+36
infra/production/nixos/.terraform.lock.hcl
··· 1 + # This file is maintained automatically by "tofu init". 2 + # Manual edits may be lost in future updates. 3 + 4 + provider "registry.opentofu.org/hashicorp/external" { 5 + version = "2.3.5" 6 + hashes = [ 7 + "h1:jcVmeuuz74tdRt2kj0MpUG9AORdlAlRRQ3k61y0r5Vc=", 8 + "zh:1fb9aca1f068374a09d438dba84c9d8ba5915d24934a72b6ef66ef6818329151", 9 + "zh:3eab30e4fcc76369deffb185b4d225999fc82d2eaaa6484d3b3164a4ed0f7c49", 10 + "zh:4f8b7a4832a68080f0bf4f155b56a691832d8a91ce8096dac0f13a90081abc50", 11 + "zh:5ff1935612db62e48e4fe6cfb83dfac401b506a5b7b38342217616fbcab70ce0", 12 + "zh:993192234d327ec86726041eb6d1efb001e41f32e4518ad8b9b162130b65ee9a", 13 + "zh:ce445e68282a2c4b2d1f994a2730406df4ea47914c0932fb4a7eb040a7ec7061", 14 + "zh:e305e17216840c54194141fb852839c2cedd6b41abd70cf8d606d6e88ed40e64", 15 + "zh:edba65fb241d663c09aa2cbf75026c840e963d5195f27000f216829e49811437", 16 + "zh:f306cc6f6ec9beaf75bdcefaadb7b77af320b1f9b56d8f50df5ebd2189a93148", 17 + "zh:fb2ff9e1f86796fda87e1f122d40568912a904da51d477461b850d81a0105f3d", 18 + ] 19 + } 20 + 21 + provider "registry.opentofu.org/hashicorp/null" { 22 + version = "3.2.4" 23 + hashes = [ 24 + "h1:jsKjBiLb+v3OIC3xuDiY4sR0r1OHUMSWPYKult9MhT0=", 25 + "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", 26 + "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", 27 + "zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", 28 + "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", 29 + "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", 30 + "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", 31 + "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", 32 + "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", 33 + "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", 34 + "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", 35 + ] 36 + }
+21
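--- a/infra/production/nixos/terragrunt.hcl
+++ b/infra/production/nixos/terragrunt.hcl
@@ -0,0 +1,21 @@
+include "root" {
+path = find_in_parent_folders("root.hcl")
+expose = true
+}
+
+terraform {
+source = "${find_in_parent_folders("_modules")}//nixos"
+}
+
+dependency "proxmox" {
+config_path = "../proxmox/compute"
+}
+
+inputs = {
+flake = "${find_in_parent_folders("_modules")}//nixos"
+hosts = {
+k3s = {
+ipv6_address = dependency.proxmox.outputs.ipv6_address
+}
+}
+}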
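Review bot: The `flake` input is built with `//nixos`, which looks copied from the `terraform.source` line above it; `//` is the sub-directory separator for module sources, whereas this value is interpolated into `${var.flake}#nixosConfigurations...` as a flake reference, and the `nixos.flake` inputs removed from the two compute units used a single slash. Unless the double slash is intended, use `flake = "${find_in_parent_folders("_modules")}/nixos"`. The `dependency "proxmox"` block also has no `mock_outputs`, so planning this unit before the Proxmox unit has been applied will stop at `dependency.proxmox.outputs.ipv6_address`.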
-34
infra/production/proxmox/compute/.terraform.lock.hcl
··· 24 24 ] 25 25 } 26 26 27 - provider "registry.opentofu.org/hashicorp/external" { 28 - version = "2.3.5" 29 - hashes = [ 30 - "h1:jcVmeuuz74tdRt2kj0MpUG9AORdlAlRRQ3k61y0r5Vc=", 31 - "zh:1fb9aca1f068374a09d438dba84c9d8ba5915d24934a72b6ef66ef6818329151", 32 - "zh:3eab30e4fcc76369deffb185b4d225999fc82d2eaaa6484d3b3164a4ed0f7c49", 33 - "zh:4f8b7a4832a68080f0bf4f155b56a691832d8a91ce8096dac0f13a90081abc50", 34 - "zh:5ff1935612db62e48e4fe6cfb83dfac401b506a5b7b38342217616fbcab70ce0", 35 - "zh:993192234d327ec86726041eb6d1efb001e41f32e4518ad8b9b162130b65ee9a", 36 - "zh:ce445e68282a2c4b2d1f994a2730406df4ea47914c0932fb4a7eb040a7ec7061", 37 - "zh:e305e17216840c54194141fb852839c2cedd6b41abd70cf8d606d6e88ed40e64", 38 - "zh:edba65fb241d663c09aa2cbf75026c840e963d5195f27000f216829e49811437", 39 - "zh:f306cc6f6ec9beaf75bdcefaadb7b77af320b1f9b56d8f50df5ebd2189a93148", 40 - "zh:fb2ff9e1f86796fda87e1f122d40568912a904da51d477461b850d81a0105f3d", 41 - ] 42 - } 43 - 44 - provider "registry.opentofu.org/hashicorp/null" { 45 - version = "3.2.4" 46 - hashes = [ 47 - "h1:jsKjBiLb+v3OIC3xuDiY4sR0r1OHUMSWPYKult9MhT0=", 48 - "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", 49 - "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", 50 - "zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", 51 - "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", 52 - "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", 53 - "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", 54 - "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", 55 - "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", 56 - "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", 57 - "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", 58 - ] 59 - } 60 - 61 27 provider "registry.opentofu.org/hashicorp/time" { 62 28 version = "0.13.1" 63 29 hashes = [
+1 -5
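--- a/infra/production/proxmox/compute/terragrunt.hcl
+++ b/infra/production/proxmox/compute/terragrunt.hcl
@@ -4,15 +4,11 @@
 }
 
 terraform {
-source = "${find_in_parent_folders("_modules")}//proxmox-nixos"
+source = "${find_in_parent_folders("_modules")}//proxmox-vm"
 }
 
 inputs = {
 name = "k3s"
-nixos = {
-flake = "${find_in_parent_folders("_modules")}/nixos"
-host = "k3s"
-}
 cpu = {
 cores = 8
 }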