merge tf modules

This commit is contained in:
Kiara Grouwstra 2025-04-13 13:11:04 +02:00
parent d955e39f4c
commit ef214ced10
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
4 changed files with 61 additions and 113 deletions


@ -1,3 +1,4 @@
{ pkgs, ... }:
let let
## NOTE: All of these secrets are publicly available in this source file ## NOTE: All of these secrets are publicly available in this source file
## and will end up in the Nix store. We don't care as they are only ever ## and will end up in the Nix store. We don't care as they are only ever
@ -23,15 +24,11 @@ let
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987"; s3SecretKeyFile = pkgs.writeText "s3SecretKey" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
}; };
in in
import ./shared.nix { {
module = fediversity = {
{ pkgs, ... }: garage.enable = true;
{ pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
fediversity = { mastodon = mastodonS3KeyConfig { inherit pkgs; };
garage.enable = true; peertube = peertubeS3KeyConfig { inherit pkgs; };
pixelfed = pixelfedS3KeyConfig { inherit pkgs; }; };
mastodon = mastodonS3KeyConfig { inherit pkgs; };
peertube = peertubeS3KeyConfig { inherit pkgs; };
};
};
} }
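Review bot: With the `import ./shared.nix { module = … }` wrapper removed at the start of this hunk, the file is now a bare NixOS module and no longer composes `shared.nix` on its own; that composition now happens only in the `modules` list of the `module "deploy"` heredoc elsewhere in this commit. A reader evaluating this module directly will not see where the shared configuration comes from, so a short header comment such as `# Bare module: shared.nix is composed by the Terraform deploy module, not imported here.` would make the new contract explicit. The `{ pkgs, ... }:` argument added in the first hunk is still needed for the `{ inherit pkgs; }` calls below, which is worth stating in the same comment.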


@ -65,6 +65,11 @@ variable "deploy_environment" {
} }
locals { locals {
system = "x86_64-linux"
pins = data.external.pins.result
peripheral_services = {
garage = "test01"
}
applications = { applications = {
mastodon = { mastodon = {
cfg = var.mastodon cfg = var.mastodon
@ -79,28 +84,55 @@ locals {
hostname = "test03" hostname = "test03"
} }
} }
peripheral = { for name, inst in local.peripheral_services : name => {
hostname = inst
cfg = {
enable = anytrue([for _, app in local.applications: app.cfg.enable])
}
}
}
} }
# module "garage" { data "external" "pins" {
# source = "./vm" program = ["nix", "eval", "--json", "-f", "${path.root}/../npins"]
# count = var.mastodon.enable || var.pixelfed.enable || var.peertube.enable ? 1 : 0 }
# domain = var.domain
# hostname = "test01"
# config = "garage"
# initialUser = var.initialUser
# terraform-nixos = var.terraform-nixos
# ssh_private_key_file = var.ssh_private_key_file
# deploy_environment = var.deploy_environment
# }
module "nixos" { module "deploy" {
source = "./vm" source = "${var.terraform-nixos}//deploy_nixos"
domain = var.domain for_each = {for name, inst in merge(
initialUser = var.initialUser local.peripheral,
terraform-nixos = var.terraform-nixos local.applications,
) : name => inst if inst.cfg.enable}
ssh_private_key_file = var.ssh_private_key_file ssh_private_key_file = var.ssh_private_key_file
target_host = "${each.value.hostname}.abundos.eu"
target_user= "root" # FIXME: #24
target_system = local.system
NIX_PATH = join(":", [for name, path in local.pins : "${name}=${path}"])
deploy_environment = var.deploy_environment deploy_environment = var.deploy_environment
for_each = { for name, inst in local.applications : name => inst if inst.cfg.enable } hermetic = true
config = each.key config_pwd = path.root
hostname = each.value.hostname config = <<-EOT
let
terraform = builtins.fromJSON ''${jsonencode({
domain = var.domain
hostname = each.value.hostname
initialUser = var.initialUser
})}'';
in
import <nixpkgs/nixos/lib/eval-config.nix> {
system = "${local.system}";
specialArgs = { inherit terraform; };
modules = [
# ${path.root}/options.nix
${path.root}/shared.nix
${path.root}/${each.key}.nix
# (terraform)
];
}
EOT
perform_gc = false
build_on_target = false
triggers = {
pins = jsonencode(local.pins)
}
} }
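Review bot: The `terraform = builtins.fromJSON ''${jsonencode({ … })}'';` line in the `config` heredoc of `module "deploy"` splices JSON into a Nix indented string without escaping, so any value in `var.domain`, `each.value.hostname` or the free-text fields of `var.initialUser` that contains `''` or `${` is mis-parsed by Nix — the first ends the string early, the second is read as a Nix interpolation instead of literal text. Switching to a double-quoted Nix string and escaping on the Terraform side closes this: `terraform = builtins.fromJSON "${replace(replace(replace(jsonencode({ … }), "\\", "\\\\"), "\"", "\\\""), "$${", "\\$${")}";` doubles backslashes, escapes quotes and turns `${` into `\${`, so Nix decodes back to the exact JSON. The same construct existed in the deleted per-VM module, so it is carried over rather than introduced, but the merged module is now the only place to fix it. The commented-out `# ${path.root}/options.nix` and `# (terraform)` entries in the `modules` list read as leftovers; either drop them or give them a TODO saying what they wait on. The `locals` block whose closing lines open this hunk begins in the previous hunk.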


@ -1,7 +1,6 @@
{ {
pkgs, pkgs,
terraform, terraform,
sources,
... ...
}: }:
let let
@ -9,8 +8,8 @@ let
in in
{ {
imports = [ imports = [
"${sources.disko}/module.nix" <disko/module.nix>
"${sources.agenix}/modules/age.nix" <agenix/modules/age.nix>
../services/fediversity ../services/fediversity
./resource.nix ./resource.nix
# FIXME: get VM details from TF # FIXME: get VM details from TF
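Review bot: The `<disko/module.nix>` and `<agenix/modules/age.nix>` imports that replace the `sources.*` paths now resolve through NIX_PATH, so this module silently depends on whoever evaluates it exporting `disko` and `agenix` entries there — in this commit that is the `module "deploy"` block, which builds NIX_PATH from every npins pin. Evaluating the file any other way fails at evaluation time with a search-path lookup error rather than a missing-argument error, so a comment such as `# resolved via NIX_PATH, which the Terraform deploy module fills from npins` above the `imports` list would record the new contract. The `imports` list and the enclosing attribute set continue past the end of this hunk.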


@ -1,80 +0,0 @@
variable "terraform-nixos" {
type = string
}
variable "config" {
type = string
}
variable "domain" {
type = string
}
variable "hostname" {
type = string
}
variable "initialUser" {
type = object({
displayName = string
username = string
password = string
email = string
})
}
variable "ssh_private_key_file" {
type = string
description = "Path to private key used to connect to the target_host"
default = ""
}
variable "deploy_environment" {
type = map(string)
description = "Extra environment variables to be set during deployment."
default = {}
}
locals {
system = "x86_64-linux"
nixpkgs = data.external.pins.result["nixpkgs"]
sources = "${path.root}/../npins"
}
module "deploy" {
source = "${var.terraform-nixos}//deploy_nixos"
ssh_private_key_file = var.ssh_private_key_file
target_host = "${var.hostname}.abundos.eu"
target_user= "root" # FIXME: #24
target_system = local.system
NIX_PATH = "nixpkgs=${local.nixpkgs}:sources=${local.sources}"
deploy_environment = var.deploy_environment
hermetic = true
config_pwd = path.root
config = <<-EOT
import ${data.external.pins.result["nixpkgs"]}/nixos/lib/eval-config.nix {
system = "${local.system}";
specialArgs = {
sources = import ${path.root}/../npins;
terraform = builtins.fromJSON ''${jsonencode({
domain = var.domain
hostname = var.hostname
initialUser = var.initialUser
})}'';
};
modules = [
${path.root}/${var.config}.nix
${path.root}/shared.nix
];
}
EOT
perform_gc = false
build_on_target = false
# triggers = {
# # pins = data.external.pins.result
# }
}
data "external" "pins" {
program = ["nix", "eval", "--json", "-f", "${path.root}/../npins"]
}