locals {
  # Domain handed to the `nixos` module below as `vm_domain`.
  vm_domain = "abundos.eu"

  # Applications that end users interact with. Every entry pairs the settings
  # object supplied by the caller (`cfg`) with the hostname of the VM that
  # hosts the application.
  # FIXME: wrap applications at the interface to grab them in one go?
  application_configs = {
    mastodon = {
      cfg      = var.mastodon
      hostname = "test06"
    }
    pixelfed = {
      cfg      = var.pixelfed
      hostname = "test04"
    }
    peertube = {
      cfg      = var.peertube
      hostname = "test05"
    }
  }

  # Supporting services shared by the applications. They are declared as
  # `service = hostname` and expanded into the same { hostname, cfg } shape
  # that `application_configs` uses, so both maps can be merged later.
  peripherals = {
    for service, host in {
      garage = "test01"
    } : service => {
      hostname = host
      cfg = {
        # A peripheral is enabled as soon as one application is enabled.
        # An application whose `cfg.enable` cannot be read counts as disabled.
        enable = anytrue([
          for app in local.application_configs : try(app.cfg.enable, false)
        ])
      }
    }
  }
}
module "nixos" {
  source = "../sync-nix"

  # One module instance per enabled service. Peripherals and applications are
  # merged into a single map; entries whose `cfg.enable` is false or unreadable
  # are filtered out, and each remaining entry gains the `config_tf` and
  # `config_nix` values consumed further down.
  for_each = { for name, inst in merge(
    local.peripherals,
    local.application_configs,
    ) : name => merge(inst, {
      # Values handed to the machine's configuration from the Terraform side.
      # NOTE(review): if `var.initialUser` carries a password or another
      # secret, confirm the variable is declared `sensitive` and that the
      # Terraform state backend is access-controlled; not visible from here.
      config_tf = {
        terraform = {
          domain      = var.domain
          hostname    = inst.hostname
          initialUser = var.initialUser
        }
      }
      # Nix expression rendered per machine. Every `${...}` below is evaluated
      # by Terraform and spliced into the Nix source as-is, without quoting or
      # escaping. `name` and `inst.hostname` are literals from `locals` in this
      # file today; if they ever become caller-controlled they need validating
      # before they are interpolated into import paths.
      #
      # Security: the rendered config authorizes `keys.panel` for direct root
      # SSH login on every machine this module creates, so that one key is
      # root-equivalent across all enabled hosts. The FIXME inside the template
      # (#24) tracks the move to non-root users with sudo.
      # NOTE(review): `import ../../keys` is a plain Nix relative path, unlike
      # the `${path.root}` imports; confirm it resolves from wherever sync-nix
      # evaluates this expression.
      config_nix = <<-EOF
      {
        # note interpolations here TF ones
        imports = [
          # shared NixOS config
          ${path.root}/../common/shared.nix
          # FIXME: separate template options by service
          ${path.root}/options.nix
          # for service `mastodon` import `mastodon.nix`
          ${path.root}/../../machines/operator/${inst.hostname}/${name}.nix
          # FIXME: get VM details from TF
          ${path.root}/../../machines/operator/${inst.hostname}
        ];
        ## FIXME: switch root authentication to users with password-less sudo, see #24
        users.users.root.openssh.authorizedKeys.keys = let
          keys = import ../../keys;
        in [
          # allow our panel vm access to the test machines
          keys.panel
        ];
      }
      EOF
  }) if try(inst.cfg.enable, false) }

  # Per-instance inputs, read from the map entry built by `for_each` above.
  vm_domain  = local.vm_domain
  hostname   = each.value.hostname
  config_nix = each.value.config_nix
  config_tf  = each.value.config_tf
}