forked from Fediversity/Fediversity
Kiara Grouwstra
dd5a6335b1
pass in description fix syntax configure proxmox provider typo add doc comment in existing modules add comment allow insecure proxmox connection for use in dev wip proxmox progress use service configurations moved to machine-independent location wire settings directly without option block terraform adjust cwd try tf on null input update .envrc.sample with sample proxmox credentials
90 lines
2.3 KiB
HCL
90 lines
2.3 KiB
HCL
terraform {
|
|
required_providers {
|
|
proxmox = {
|
|
source = "bpg/proxmox"
|
|
version = "= 0.76.1"
|
|
}
|
|
}
|
|
}
|
|
|
|
provider "proxmox" {
|
|
endpoint = "https://192.168.51.81:8006/"
|
|
# because self-signed TLS certificate is in use
|
|
insecure = true
|
|
|
|
ssh {
|
|
agent = true
|
|
# TODO: uncomment and configure if using api_token instead of password
|
|
username = "root" # FIXME: #24
|
|
}
|
|
}
|
|
|
|
locals {
|
|
# user-facing applications
|
|
application_configs = {
|
|
# FIXME: wrap applications at the interface to grab them in one go?
|
|
mastodon = var.mastodon
|
|
pixelfed = var.pixelfed
|
|
peertube = var.peertube
|
|
}
|
|
# services shared between applications
|
|
peripherals = { for name in [
|
|
"garage"
|
|
] : name => {
|
|
cfg = {
|
|
# enable if any user applications are enabled
|
|
enable = anytrue([for _, app in local.application_configs: try(app.enable, false)])
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
module "nixos" {
|
|
source = "../sync-nix"
|
|
category = "operator"
|
|
|
|
description = each.key
|
|
config_nix = each.value.config_nix
|
|
config_tf = each.value.config_tf
|
|
|
|
# FIXME recheck what may be moved back to sync-nix
|
|
for_each = {for name, inst in merge(
|
|
local.peripherals,
|
|
local.application_configs,
|
|
) : name => merge(inst, {
|
|
config_tf = {
|
|
fediversityVm = {
|
|
name = name # used in hostname, selecting secrets
|
|
domain = var.domain
|
|
}
|
|
fediversity = {
|
|
domain = var.domain
|
|
temp = {
|
|
initialUser = var.initialUser
|
|
}
|
|
}
|
|
}
|
|
config_nix = <<-EOF
|
|
{
|
|
# note interpolations here are TF ones
|
|
imports = [
|
|
# shared NixOS config
|
|
${path.root}/../common/shared.nix
|
|
# FIXME: separate template options by service
|
|
${path.root}/options.nix
|
|
# for service `mastodon` import `mastodon.nix`
|
|
# FIXME: get VM details from TF
|
|
${path.root}/../../machines/operator/${inst.hostname}
|
|
${path.module}/${name}.nix
|
|
];
|
|
## FIXME: switch root authentication to users with password-less sudo, see #24
|
|
users.users.root.openssh.authorizedKeys.keys = let
|
|
keys = import ../../keys;
|
|
in [
|
|
# allow our panel vm access to the test machines
|
|
keys.panel
|
|
];
|
|
}
|
|
EOF
|
|
}) if try(inst.enable, false)}
|
|
}
|