refactor(infra): move NixOS modules to the right dir

khuedoan.com / cloudlab

fork

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

this repo has no description

fork

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

refactor(infra): move NixOS modules to the right dir

Khue Doan 9 months ago f4376377 ac27edaf

+59 -553

31 changed files

expand all collapse all

infra

.modules

hetzner-nixos

main.tf

outputs.tf

variables.tf

versions.tf

nixos

Makefile

configuration.nix

disks.nix

flake.lock

flake.nix

profiles

k3s.nix

test.nix

proxmox-nixos

main.tf

terraform.tf

variables.tf

local

bootstrap

terragrunt.hcl

cluster

terragrunt.hcl

nixos

configuration.nix

flake.lock

flake.nix

production

hetzner

helsinki

compute

hetzner-vm

configuration.nix

flake.lock

flake.nix

terragrunt.hcl

oracle

bootstrap

terragrunt.hcl

cluster

terragrunt.hcl

legacy

terragrunt.hcl

secrets

terragrunt.hcl

proxmox

vn-southwest-1

compute

.terraform.lock.hcl

terragrunt.hcl

tfstate

.terraform.lock.hcl

terragrunt.hcl

-19

infra/.modules/nixos/Makefile

reviewed

··· 1 1 - .POSIX: 2 2 - 3 3 - .PHONY: * 4 4 - default: switch 5 5 - 6 6 - switch: 7 7 - sudo nixos-rebuild \ 8 8 - --flake '.#netamos' \ 9 9 - --impure \ 10 10 - switch 11 11 - 12 12 - update: 13 13 - nix flake update 14 14 - 15 15 - test: 16 16 - @nix \ 17 17 - --experimental-features 'nix-command flakes' \ 18 18 - run \ 19 19 - '.#nixosConfigurations.test.config.system.build.vmWithDisko'

+22 -101

infra/.modules/nixos/configuration.nix

reviewed

··· 1 1 - { config, pkgs, ... }: 1 1 + { modulesPath, ... }: 2 2 3 3 { 4 4 - disko.devices = { 5 5 - disk = { 6 6 - main = { 7 7 - type = "disk"; 8 8 - content = { 9 9 - type = "gpt"; 10 10 - partitions = { 11 11 - boot = { 12 12 - size = "1M"; 13 13 - type = "EF02"; # for grub MBR 14 14 - }; 15 15 - ESP = { 16 16 - size = "1G"; 17 17 - type = "EF00"; 18 18 - content = { 19 19 - type = "filesystem"; 20 20 - format = "vfat"; 21 21 - mountpoint = "/boot"; 22 22 - mountOptions = [ "umask=0077" ]; 23 23 - }; 24 24 - }; 25 25 - root = { 26 26 - size = "100%"; 27 27 - content = { 28 28 - type = "filesystem"; 29 29 - format = "ext4"; 30 30 - mountpoint = "/"; 31 31 - }; 32 32 - }; 33 33 - }; 34 34 - }; 35 35 - }; 36 36 - }; 37 37 - }; 4 4 + imports = [ 5 5 + (modulesPath + "/profiles/all-hardware.nix") 6 6 + ]; 38 7 39 8 boot = { 40 9 loader = { ··· 51 20 networkmanager = { 52 21 enable = true; 53 22 }; 54 54 - firewall = { 55 55 - # https://docs.k3s.io/installation/requirements#inbound-rules-for-k3s-server-nodes 56 56 - allowedTCPPorts = [ 57 57 - 6443 58 58 - 10250 59 59 - ]; 60 60 - allowedTCPPortRanges = [ 61 61 - { from = 2379; to = 2380; } 62 62 - ]; 63 63 - }; 64 23 }; 65 65 - 66 66 - time.timeZone = "Asia/Ho_Chi_Minh"; 67 67 - i18n.defaultLocale = "en_US.UTF-8"; 68 24 69 25 nix = { 70 26 settings = { ··· 82 38 }; 83 39 84 40 services = { 85 85 - openssh.enable = true; 86 86 - k3s = { 41 41 + openssh = { 87 42 enable = true; 88 88 - role = "server"; 89 89 - extraFlags = toString [ 90 90 - "--disable-helm-controller" 91 91 - "--disable-network-policy" 92 92 - "--disable=traefik" 93 93 - "--secrets-encryption=true" 94 94 - 95 95 - # TODO not sure why it doesn't play nice with the registry config below 96 96 - # "--snapshotter=stargz" 97 97 - 98 98 - # TODO if the node doesn't have IPv6, this will fail, so we can't enable by default yet 99 99 - # "--cluster-cidr=10.42.0.0/16,2001:cafe:42::/56" 100 100 - # "--service-cidr=10.43.0.0/16,2001:cafe:43::/112" 101 101 - ]; 102 43 }; 103 103 - yggdrasil = { 44 44 + qemuGuest = { 104 45 enable = true; 105 105 - persistentKeys = true; 106 106 - settings = { 107 107 - Peers = [ 108 108 - # https://publicpeers.neilalexander.dev 109 109 - "tls://sin.yuetau.net:6643" # Singapore 110 110 - "tls://mima.localghost.org:443" # Philippines 111 111 - "tls://133.18.201.69:54232" # Japan 112 112 - "tls://vpn.itrus.su:7992" # Netherlands 113 113 - "tls://ygg.jjolly.dev:3443" # United States 114 114 - ]; 115 115 - }; 116 46 }; 117 47 }; 118 48 119 119 - # TODO switch to services.k3s.registries https://github.com/NixOS/nixpkgs/pull/292023 120 120 - # Static ClusterIP so we can pull from the internal registry without going through an ingress for better performance 121 121 - # Alternatively this can be done by resolving DNS on the node via CoreDNS in some way, maybe via /etc/resolv.conf? 122 122 - # nix-shell -p dig --command "dig @10.43.0.10 zot.zot.svc.cluster.local" 123 123 - environment.etc."rancher/k3s/registries.yaml".text = '' 124 124 - mirrors: 125 125 - zot.zot.svc.cluster.local: 126 126 - endpoint: 127 127 - - http://10.43.0.50:5000 128 128 - ''; 129 129 - 130 130 - users.users.admin = { 131 131 - isNormalUser = true; 132 132 - description = "Admin"; 133 133 - extraGroups = [ 134 134 - "networkmanager" 135 135 - "wheel" 136 136 - ]; 137 137 - packages = with pkgs; [ 138 138 - neovim 139 139 - git 140 140 - gnumake 141 141 - tmux 142 142 - ]; 49 49 + users.users = { 50 50 + admin = { 51 51 + isNormalUser = true; 52 52 + extraGroups = [ 53 53 + "wheel" 54 54 + ]; 55 55 + openssh.authorizedKeys.keys = [ 56 56 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG" 57 57 + ]; 58 58 + }; 59 59 + root = { 60 60 + openssh.authorizedKeys.keys = [ 61 61 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG" 62 62 + ]; 63 63 + }; 143 64 }; 144 65 145 145 - system.stateVersion = "23.11"; 66 66 + system.stateVersion = "24.11"; 146 67 }

+9 -10

infra/.modules/nixos/flake.lock

reviewed

··· 7 7 ] 8 8 }, 9 9 "locked": { 10 10 - "lastModified": 1731274291, 11 11 - "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", 10 10 + "lastModified": 1737038063, 11 11 + "narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=", 12 12 "owner": "nix-community", 13 13 "repo": "disko", 14 14 - "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", 14 14 + "rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2", 15 15 "type": "github" 16 16 }, 17 17 "original": { ··· 22 22 }, 23 23 "nixpkgs": { 24 24 "locked": { 25 25 - "lastModified": 1731239293, 26 26 - "narHash": "sha256-q2yjIWFFcTzp5REWQUOU9L6kHdCDmFDpqeix86SOvDc=", 25 25 + "lastModified": 1737672001, 26 26 + "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", 27 27 "owner": "NixOS", 28 28 "repo": "nixpkgs", 29 29 - "rev": "9256f7c71a195ebe7a218043d9f93390d49e6884", 29 29 + "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", 30 30 "type": "github" 31 31 }, 32 32 "original": { 33 33 - "owner": "NixOS", 34 34 - "ref": "nixos-24.05", 35 35 - "repo": "nixpkgs", 36 36 - "type": "github" 33 33 + "id": "nixpkgs", 34 34 + "ref": "nixos-24.11", 35 35 + "type": "indirect" 37 36 } 38 37 }, 39 38 "root": {

+18 -10

infra/.modules/nixos/flake.nix

reviewed

··· 1 1 { 2 2 - description = "Netamos"; 3 3 - 4 2 inputs = { 5 5 - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; 3 3 + nixpkgs.url = "nixpkgs/nixos-24.11"; 6 4 disko = { 7 5 url = "github:nix-community/disko"; 8 6 inputs.nixpkgs.follows = "nixpkgs"; 9 7 }; 10 8 }; 11 11 - 12 12 - outputs = { self, nixpkgs, disko }: { 9 9 + outputs = { nixpkgs, disko, ... }: { 13 10 nixosConfigurations = { 14 14 - netamos = nixpkgs.lib.nixosSystem { 15 15 - system = "x86_64-linux"; # TODO support multiple systems 11 11 + nixos = nixpkgs.lib.nixosSystem { 12 12 + system = "x86_64-linux"; 16 13 modules = [ 17 14 disko.nixosModules.disko 18 15 ./configuration.nix 16 16 + ./disks.nix 19 17 ]; 20 18 }; 21 21 - test = nixpkgs.lib.nixosSystem { 22 22 - system = "x86_64-linux"; # TODO support multiple systems 19 19 + devbox = nixpkgs.lib.nixosSystem { 20 20 + system = "x86_64-linux"; 23 21 modules = [ 24 22 disko.nixosModules.disko 25 23 ./configuration.nix 26 26 - ./test.nix 24 24 + ./disks.nix 25 25 + ./profiles/devbox.nix 26 26 + ]; 27 27 + }; 28 28 + k3s = nixpkgs.lib.nixosSystem { 29 29 + system = "x86_64-linux"; 30 30 + modules = [ 31 31 + disko.nixosModules.disko 32 32 + ./configuration.nix 33 33 + ./disks.nix 34 34 + ./profiles/k3s.nix 27 35 ]; 28 36 }; 29 37 };

-15

infra/.modules/nixos/test.nix

reviewed

··· 1 1 - { modulesPath, ... }: 2 2 - 3 3 - { 4 4 - imports = [ 5 5 - (modulesPath + "/virtualisation/qemu-vm.nix") 6 6 - ]; 7 7 - 8 8 - disko.devices.disk.main.device = "/dev/sda"; 9 9 - users.users.admin = { 10 10 - password = "test"; 11 11 - }; 12 12 - virtualisation = { 13 13 - graphics = false; 14 14 - }; 15 15 - }

+1 -1

infra/local/bootstrap/terragrunt.hcl

reviewed

··· 3 3 } 4 4 5 5 terraform { 6 6 - source = find_in_parent_folders(".modules")//bootstrap" 6 6 + source = "${find_in_parent_folders(".modules")}//bootstrap" 7 7 } 8 8 9 9 dependency "cluster" {

+1 -1

infra/local/cluster/terragrunt.hcl

reviewed

··· 3 3 } 4 4 5 5 terraform { 6 6 - source = find_in_parent_folders(".modules")//local-cluster" 6 6 + source = "${find_in_parent_folders(".modules")}//local-cluster" 7 7 } 8 8 9 9 inputs = {

-67

infra/nixos/configuration.nix

reviewed

··· 1 1 - { modulesPath, ... }: 2 2 - 3 3 - { 4 4 - imports = [ 5 5 - (modulesPath + "/profiles/all-hardware.nix") 6 6 - ]; 7 7 - 8 8 - boot = { 9 9 - loader = { 10 10 - systemd-boot = { 11 11 - enable = true; 12 12 - }; 13 13 - efi = { 14 14 - canTouchEfiVariables = true; 15 15 - }; 16 16 - }; 17 17 - }; 18 18 - 19 19 - networking = { 20 20 - networkmanager = { 21 21 - enable = true; 22 22 - }; 23 23 - }; 24 24 - 25 25 - nix = { 26 26 - settings = { 27 27 - experimental-features = [ 28 28 - "nix-command" 29 29 - "flakes" 30 30 - ]; 31 31 - }; 32 32 - optimise.automatic = true; 33 33 - gc = { 34 34 - automatic = true; 35 35 - dates = "weekly"; 36 36 - options = "--delete-older-than 30d"; 37 37 - }; 38 38 - }; 39 39 - 40 40 - services = { 41 41 - openssh = { 42 42 - enable = true; 43 43 - }; 44 44 - qemuGuest = { 45 45 - enable = true; 46 46 - }; 47 47 - }; 48 48 - 49 49 - users.users = { 50 50 - admin = { 51 51 - isNormalUser = true; 52 52 - extraGroups = [ 53 53 - "wheel" 54 54 - ]; 55 55 - openssh.authorizedKeys.keys = [ 56 56 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG" 57 57 - ]; 58 58 - }; 59 59 - root = { 60 60 - openssh.authorizedKeys.keys = [ 61 61 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG" 62 62 - ]; 63 63 - }; 64 64 - }; 65 65 - 66 66 - system.stateVersion = "24.11"; 67 67 - }

infra/nixos/disks.nix infra/.modules/nixos/disks.nix

reviewed

-47

infra/nixos/flake.lock

reviewed

··· 1 1 - { 2 2 - "nodes": { 3 3 - "disko": { 4 4 - "inputs": { 5 5 - "nixpkgs": [ 6 6 - "nixpkgs" 7 7 - ] 8 8 - }, 9 9 - "locked": { 10 10 - "lastModified": 1737038063, 11 11 - "narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=", 12 12 - "owner": "nix-community", 13 13 - "repo": "disko", 14 14 - "rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2", 15 15 - "type": "github" 16 16 - }, 17 17 - "original": { 18 18 - "owner": "nix-community", 19 19 - "repo": "disko", 20 20 - "type": "github" 21 21 - } 22 22 - }, 23 23 - "nixpkgs": { 24 24 - "locked": { 25 25 - "lastModified": 1737672001, 26 26 - "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", 27 27 - "owner": "NixOS", 28 28 - "repo": "nixpkgs", 29 29 - "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", 30 30 - "type": "github" 31 31 - }, 32 32 - "original": { 33 33 - "id": "nixpkgs", 34 34 - "ref": "nixos-24.11", 35 35 - "type": "indirect" 36 36 - } 37 37 - }, 38 38 - "root": { 39 39 - "inputs": { 40 40 - "disko": "disko", 41 41 - "nixpkgs": "nixpkgs" 42 42 - } 43 43 - } 44 44 - }, 45 45 - "root": "root", 46 46 - "version": 7 47 47 - }

-39

infra/nixos/flake.nix

reviewed

··· 1 1 - { 2 2 - inputs = { 3 3 - nixpkgs.url = "nixpkgs/nixos-24.11"; 4 4 - disko = { 5 5 - url = "github:nix-community/disko"; 6 6 - inputs.nixpkgs.follows = "nixpkgs"; 7 7 - }; 8 8 - }; 9 9 - outputs = { nixpkgs, disko, ... }: { 10 10 - nixosConfigurations = { 11 11 - nixos = nixpkgs.lib.nixosSystem { 12 12 - system = "x86_64-linux"; 13 13 - modules = [ 14 14 - disko.nixosModules.disko 15 15 - ./configuration.nix 16 16 - ./disks.nix 17 17 - ]; 18 18 - }; 19 19 - devbox = nixpkgs.lib.nixosSystem { 20 20 - system = "x86_64-linux"; 21 21 - modules = [ 22 22 - disko.nixosModules.disko 23 23 - ./configuration.nix 24 24 - ./disks.nix 25 25 - ./profiles/devbox.nix 26 26 - ]; 27 27 - }; 28 28 - k3s = nixpkgs.lib.nixosSystem { 29 29 - system = "x86_64-linux"; 30 30 - modules = [ 31 31 - disko.nixosModules.disko 32 32 - ./configuration.nix 33 33 - ./disks.nix 34 34 - ./profiles/k3s.nix 35 35 - ]; 36 36 - }; 37 37 - }; 38 38 - }; 39 39 - }

infra/nixos/profiles/k3s.nix infra/.modules/nixos/profiles/k3s.nix

reviewed

-118

infra/production/hetzner/helsinki/compute/hetzner-vm/configuration.nix

reviewed

··· 1 1 - { pkgs, ... }: 2 2 - 3 3 - { 4 4 - disko.devices = { 5 5 - disk = { 6 6 - main = { 7 7 - type = "disk"; 8 8 - # TODO don't hard code device? 9 9 - device = "/dev/sda"; 10 10 - content = { 11 11 - type = "gpt"; 12 12 - partitions = { 13 13 - boot = { 14 14 - size = "1M"; 15 15 - type = "EF02"; # for grub MBR 16 16 - }; 17 17 - ESP = { 18 18 - size = "1G"; 19 19 - type = "EF00"; 20 20 - content = { 21 21 - type = "filesystem"; 22 22 - format = "vfat"; 23 23 - mountpoint = "/boot"; 24 24 - mountOptions = [ "umask=0077" ]; 25 25 - }; 26 26 - }; 27 27 - root = { 28 28 - size = "100%"; 29 29 - content = { 30 30 - type = "filesystem"; 31 31 - format = "ext4"; 32 32 - mountpoint = "/"; 33 33 - }; 34 34 - }; 35 35 - }; 36 36 - }; 37 37 - }; 38 38 - }; 39 39 - }; 40 40 - 41 41 - boot = { 42 42 - loader = { 43 43 - systemd-boot = { 44 44 - enable = true; 45 45 - }; 46 46 - efi = { 47 47 - canTouchEfiVariables = true; 48 48 - }; 49 49 - }; 50 50 - }; 51 51 - 52 52 - networking = { 53 53 - networkmanager = { 54 54 - enable = true; 55 55 - }; 56 56 - firewall = { 57 57 - # https://docs.k3s.io/installation/requirements#inbound-rules-for-k3s-server-nodes 58 58 - allowedTCPPorts = [ 59 59 - 6443 60 60 - 10250 61 61 - ]; 62 62 - allowedTCPPortRanges = [ 63 63 - { from = 2379; to = 2380; } 64 64 - ]; 65 65 - }; 66 66 - }; 67 67 - 68 68 - nix = { 69 69 - settings = { 70 70 - experimental-features = [ 71 71 - "nix-command" 72 72 - "flakes" 73 73 - ]; 74 74 - }; 75 75 - optimise.automatic = true; 76 76 - gc = { 77 77 - automatic = true; 78 78 - dates = "weekly"; 79 79 - options = "--delete-older-than 30d"; 80 80 - }; 81 81 - }; 82 82 - 83 83 - services = { 84 84 - openssh.enable = true; 85 85 - k3s = { 86 86 - enable = true; 87 87 - role = "server"; 88 88 - extraFlags = toString [ 89 89 - "--disable-helm-controller" 90 90 - "--disable-network-policy" 91 91 - "--disable=traefik" 92 92 - "--secrets-encryption=true" 93 93 - "--snapshotter=stargz" 94 94 - 95 95 - # TODO better ipv6 ipam 96 96 - "--cluster-cidr=2001:cafe:42::/56" 97 97 - "--service-cidr=2001:cafe:43::/112" 98 98 - ]; 99 99 - }; 100 100 - }; 101 101 - 102 102 - users.users.admin = { 103 103 - isNormalUser = true; 104 104 - description = "Admin"; 105 105 - extraGroups = [ 106 106 - "networkmanager" 107 107 - "wheel" 108 108 - ]; 109 109 - packages = with pkgs; [ 110 110 - neovim 111 111 - git 112 112 - gnumake 113 113 - tmux 114 114 - ]; 115 115 - }; 116 116 - 117 117 - system.stateVersion = "25.05"; 118 118 - }

-48

infra/production/hetzner/helsinki/compute/hetzner-vm/flake.lock

reviewed

··· 1 1 - { 2 2 - "nodes": { 3 3 - "disko": { 4 4 - "inputs": { 5 5 - "nixpkgs": [ 6 6 - "nixpkgs" 7 7 - ] 8 8 - }, 9 9 - "locked": { 10 10 - "lastModified": 1755519972, 11 11 - "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", 12 12 - "owner": "nix-community", 13 13 - "repo": "disko", 14 14 - "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", 15 15 - "type": "github" 16 16 - }, 17 17 - "original": { 18 18 - "owner": "nix-community", 19 19 - "repo": "disko", 20 20 - "type": "github" 21 21 - } 22 22 - }, 23 23 - "nixpkgs": { 24 24 - "locked": { 25 25 - "lastModified": 1755593991, 26 26 - "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", 27 27 - "owner": "NixOS", 28 28 - "repo": "nixpkgs", 29 29 - "rev": "a58390ab6f1aa810eb8e0f0fc74230e7cc06de03", 30 30 - "type": "github" 31 31 - }, 32 32 - "original": { 33 33 - "owner": "NixOS", 34 34 - "ref": "nixos-25.05", 35 35 - "repo": "nixpkgs", 36 36 - "type": "github" 37 37 - } 38 38 - }, 39 39 - "root": { 40 40 - "inputs": { 41 41 - "disko": "disko", 42 42 - "nixpkgs": "nixpkgs" 43 43 - } 44 44 - } 45 45 - }, 46 46 - "root": "root", 47 47 - "version": 7 48 48 - }

-21

infra/production/hetzner/helsinki/compute/hetzner-vm/flake.nix

reviewed

··· 1 1 - { 2 2 - inputs = { 3 3 - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; 4 4 - disko = { 5 5 - url = "github:nix-community/disko"; 6 6 - inputs.nixpkgs.follows = "nixpkgs"; 7 7 - }; 8 8 - }; 9 9 - 10 10 - outputs = { self, nixpkgs, disko }: { 11 11 - nixosConfigurations = { 12 12 - master = nixpkgs.lib.nixosSystem { 13 13 - system = "aarch64-linux"; # TODO support multiple systems 14 14 - modules = [ 15 15 - disko.nixosModules.disko 16 16 - ./configuration.nix 17 17 - ]; 18 18 - }; 19 19 - }; 20 20 - }; 21 21 - }

infra/production/hetzner/helsinki/compute/hetzner-vm/main.tf infra/.modules/hetzner-nixos/main.tf

reviewed

infra/production/hetzner/helsinki/compute/hetzner-vm/outputs.tf infra/.modules/hetzner-nixos/outputs.tf

reviewed

infra/production/hetzner/helsinki/compute/hetzner-vm/variables.tf infra/.modules/hetzner-nixos/variables.tf

reviewed

infra/production/hetzner/helsinki/compute/hetzner-vm/versions.tf infra/.modules/hetzner-nixos/versions.tf

reviewed

+1 -2

infra/production/hetzner/helsinki/compute/terragrunt.hcl

reviewed

··· 1 1 terraform { 2 2 - # TODO move to modules 3 3 - source = "./hetzner-vm" 2 2 + source = "${find_in_parent_folders(".modules")}//hetzner-nixos" 4 3 } 5 4 6 5 # TODO temp skip

+1 -1

infra/production/oracle/bootstrap/terragrunt.hcl

reviewed

··· 3 3 } 4 4 5 5 terraform { 6 6 - source = find_in_parent_folders(".modules")//bootstrap" 6 6 + source = "${find_in_parent_folders(".modules")}//bootstrap" 7 7 } 8 8 9 9 dependency "cluster" {

+1 -1

infra/production/oracle/cluster/terragrunt.hcl

reviewed

··· 4 4 } 5 5 6 6 terraform { 7 7 - source = find_in_parent_folders(".modules")//cluster" 7 7 + source = "${find_in_parent_folders(".modules")}//cluster" 8 8 } 9 9 10 10 dependency "legacy" {

+1 -1

infra/production/oracle/legacy/terragrunt.hcl

reviewed

··· 4 4 } 5 5 6 6 terraform { 7 7 - source = find_in_parent_folders(".modules")//legacy" 7 7 + source = "${find_in_parent_folders(".modules")}//legacy" 8 8 } 9 9 10 10 inputs = {

+1 -1

infra/production/oracle/secrets/terragrunt.hcl

reviewed

··· 4 4 } 5 5 6 6 terraform { 7 7 - source = find_in_parent_folders(".modules")//secrets" 7 7 + source = "${find_in_parent_folders(".modules")}//secrets" 8 8 } 9 9 10 10 dependency "cluster" {

-22

infra/production/proxmox/vn-southwest-1/compute/.terraform.lock.hcl

reviewed

··· 58 58 ] 59 59 } 60 60 61 61 - provider "registry.opentofu.org/hashicorp/oci" { 62 62 - version = "7.15.0" 63 63 - hashes = [ 64 64 - "h1:qd075zUzmjgm+W3GezX95h9hjdFkKnCagDzy5RxUf28=", 65 65 - "zh:2e198d561ab5dbcf84c1984050bbcf5691811aebb22a06af8d946666686ac86b", 66 66 - "zh:33f242ca79e20069b54847477e8dbe28f965c7df3da05d0e1f31377dd9b24367", 67 67 - "zh:3d7c961d4b012e5d63588d030e491adf9b980555a5ab3c4510e9b74887aa81ec", 68 68 - "zh:44265b99500a7bb53e9c7108f0e83df5ebf480261388fc0a565e1785e6349da4", 69 69 - "zh:478bdb9d0883e74bf7ea11e352dc1e36bdb21d40c887da56675ad8411f7e8fec", 70 70 - "zh:5898c4ecb3e9f4ebd91a849e40e7925e73b5ef282afaf3f37069274817ebe886", 71 71 - "zh:5d9c2345e7e25e4cb02c9e4f6ce283ef37c4220c76ac39f1c14b8c9a77905b93", 72 72 - "zh:5e788eb84430d3872460df71e96c5b0363761a399c729581c13edfb327cbb67f", 73 73 - "zh:710183628e249f094afcb452a22812d878ae3728b4541adf38e8006087711e96", 74 74 - "zh:7ebb6d5586735e853d2c7ec6436dad945a72bb360e6a600c8c311d98d8819fda", 75 75 - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", 76 76 - "zh:c9e5b7f0dea6b1a6c1099b3bd64114382102b4dbe839c2dc53b3cd757f39bb4a", 77 77 - "zh:da2889b73c573531e235fc351f0caec925512fddac864f68812a175779b4b654", 78 78 - "zh:e12d11047fc78cace1b523791184bab6bf79d6d34fe82f56099313675f709c31", 79 79 - "zh:fd41831a5f59ed347cf75813491a0894f97b87618efa0b1037e369c260e0446e", 80 80 - ] 81 81 - } 82 82 - 83 61 provider "registry.opentofu.org/hashicorp/time" { 84 62 version = "0.13.1" 85 63 hashes = [

infra/production/proxmox/vn-southwest-1/compute/nixos-vm/main.tf infra/.modules/proxmox-nixos/main.tf

reviewed

infra/production/proxmox/vn-southwest-1/compute/nixos-vm/terraform.tf infra/.modules/proxmox-nixos/terraform.tf

reviewed

infra/production/proxmox/vn-southwest-1/compute/nixos-vm/variables.tf infra/.modules/proxmox-nixos/variables.tf

reviewed

+2 -2

infra/production/proxmox/vn-southwest-1/compute/terragrunt.hcl

reviewed

··· 4 4 } 5 5 6 6 terraform { 7 7 - source = "./nixos-vm" 7 7 + source = "${find_in_parent_folders(".modules")}//proxmox-nixos" 8 8 } 9 9 10 10 inputs = { 11 11 name = "k3s" 12 12 nixos = { 13 13 - flake = "${get_terragrunt_dir()}/../../../../nixos" 13 13 + flake = "${find_in_parent_folders(".modules")}/nixos" 14 14 host = "k3s" 15 15 } 16 16 cpu = {

-25

infra/production/tfstate/.terraform.lock.hcl

reviewed

··· 1 1 - # This file is maintained automatically by "tofu init". 2 2 - # Manual edits may be lost in future updates. 3 3 - 4 4 - provider "registry.opentofu.org/hashicorp/oci" { 5 5 - version = "7.6.0" 6 6 - hashes = [ 7 7 - "h1:fvwp3c4OPhuKW9gBVW8eInqBE/lXZx/gLFEZRUsHuYE=", 8 8 - "h1:l91jNGp7+F7wgSbEqeqkzPILeUOLVj1mgKMBKeADBn0=", 9 9 - "zh:07b8c1b8ddbd9cc62296f8573a8f89d282978b0cf3046dd354028811ac371cc6", 10 10 - "zh:17b42ca6aee04b3c903366d029311e7ffbea630882a93d418fbb364a3d91d8bf", 11 11 - "zh:1fb9c7841fb556e4d580dc41d906efd40c0d1d7659275b4bb5929f331ee1fea2", 12 12 - "zh:20325dbb45c495baa0b885dac1c79992998b98415260317e8ca3a45c5d0a7561", 13 13 - "zh:216a5eb1a5ebcb61feb9bd1b2551d9a0ccbde35857d4bb66eeba7ef240ac8ba3", 14 14 - "zh:4adedb1709478fb9778cf95d6ba649feb7d508380957c97edcdf5e8ff3f686c8", 15 15 - "zh:62b6c705523ceff1b55ab8863e4ec80829b15e4890a9e9d8f0ed4dcb73630a97", 16 16 - "zh:7aec9c64f308cf3eb9d85ebd2dc2518c97ef71c86c75bb64507c0c22f8dd6c01", 17 17 - "zh:8131877e0ec3ec868b09d3e3e4d6e0b7706989e6bd30ed4aeba3695f6de04888", 18 18 - "zh:9978257ee7fd7a0ea090e1c8d085e93687e43d0a7607271bc8011c282b7160a4", 19 19 - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", 20 20 - "zh:b51e7e20316c0181025628e32daf1f6760d42dd53f9f9de135a41ad893a1d1c7", 21 21 - "zh:c9aaafa914f161587dd3ab3b9b0a867da303f8c41256dfe795414364830d6180", 22 22 - "zh:f3db696340ea890cb41adf9bdae19e6b0132bc29a731260145cbf64f56831a18", 23 23 - "zh:fea0c8888a0e2b8d3523f6888a7faa3aa13df79d954089d776db4f9a96d2215f", 24 24 - ] 25 25 - }

+1 -1

infra/production/tfstate/terragrunt.hcl

reviewed

··· 4 4 } 5 5 6 6 terraform { 7 7 - source = find_in_parent_folders(".modules")//tfstate" 7 7 + source = "${find_in_parent_folders(".modules")}//tfstate" 8 8 9 9 before_hook "bootstrap_tfstate" { 10 10 commands = ["init", "plan", "apply"]