# Terraform entry point for the "operator" NixOS VMs on Proxmox: pins the
# provider, configures API/SSH access, and instantiates one `sync-nix`
# module per enabled service.
terraform {
  required_providers {
    proxmox = {
      source = "bpg/proxmox"
      # Exact pin. Commit the generated .terraform.lock.hcl alongside this
      # file so the provider's checksums are pinned as well, not just its version.
      version = "= 0.76.1"
    }
  }
}

provider "proxmox" {
  endpoint = "https://192.168.51.81:8006/"
  # because self-signed TLS certificate is in use
  # NOTE(review): this disables certificate verification for every API call to
  # `endpoint`, so the credentials used by this provider are exposed to anyone
  # who can intercept the connection and present their own certificate.
  # Mitigation: trust the Proxmox host certificate (or the CA that issued it)
  # on the machine running Terraform, then drop this flag.
  insecure = true
  ssh {
    # SSH goes through the local agent; no key material lives in this file.
    agent = true
    # TODO: uncomment and configure if using api_token instead of password
    # Logs in as root over SSH; #24 tracks moving to a non-root account.
    username = "root" # FIXME: #24
  }
}

locals {
  # user-facing applications
  application_configs = {
    # FIXME: wrap applications at the interface to grab them in one go?
    mastodon = var.mastodon
    pixelfed = var.pixelfed
    peertube = var.peertube
  }
  # services shared between applications
  peripherals = {
    for name in ["garage"] : name => {
      cfg = {
        # enable if any user applications are enabled
        # `try` tolerates application values that carry no `enable` attribute.
        enable = anytrue([for _, app in local.application_configs : try(app.enable, false)])
      }
    }
  }
}

module "nixos" {
  source      = "../sync-nix"
  category    = "operator"
  description = each.key
  config_nix  = each.value.config_nix
  config_tf   = each.value.config_tf
  # FIXME recheck what may be moved back to sync-nix
  # One instance per enabled entry. Each entry is the merged source map plus the
  # Nix/TF configuration fragments built below.
  for_each = { for name, inst in merge(
    local.peripherals,
    # local.application_configs,
    ) : name => merge(inst, {
      config_tf = {
        fediversityVm = {
          name   = name # used in hostname, selecting secrets
          domain = var.domain
        }
        fediversity = {
          domain = var.domain
          temp = {
            initialUser = var.initialUser
          }
        }
      }
      # NOTE(review): `inst.hostname` is referenced in the heredoc below, but the
      # `peripherals` entries visible here define only `cfg`; confirm where
      # `hostname` is expected to come from before enabling entries.
      config_nix = <<-EOF
        {
          # note interpolations here are TF ones
          imports = [
            # shared NixOS config
            ${path.root}/../common/shared.nix
            # FIXME: separate template options by service
            ${path.root}/options.nix
            # for service `mastodon` import `mastodon.nix`
            # FIXME: get VM details from TF
            ${path.root}/../../machines/operator/${inst.hostname}
            ${path.module}/${name}.nix
          ];
        }
      EOF
      # Baseline NixOS config applied to every VM: grants the panel VM's key
      # root SSH access on the target machines (see #24 for reducing this).
      config_nix_base = <<-EOF
        {
          ## FIXME: switch root authentication to users with password-less sudo, see #24
          users.users.root.openssh.authorizedKeys.keys = let
            keys = import ../../keys;
          in [
            # allow our panel vm access to the test machines
            keys.panel
          ];
        }
      EOF
    # NOTE(review): the `peripherals` entries above keep `enable` under `cfg`,
    # so `try(inst.enable, false)` looks like it evaluates to false for them and
    # they would be filtered out here — confirm this is intended.
    }) if try(inst.enable, false)
  }
}