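# Where the terraform-nixos repository lives; `module.deploy` loads its
# `deploy_nixos` submodule from this source (appending `//deploy_nixos`).
variable "terraform-nixos" {
  type        = string
  description = "Source (local path or module address) of the terraform-nixos repository; the deploy_nixos submodule is loaded from it."
}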
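# Base domain handed to the NixOS configuration as `terraform.domain`
# (see the `config` heredoc in `module.deploy`).
variable "domain" {
  type        = string
  description = "Base domain for the deployed services; exposed to the NixOS modules as terraform.domain."
  default     = "fediversity.net"
}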
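# Mastodon settings. `enable` decides whether its host (listed in
# `local.applications`) is deployed at all, and it also turns on the
# peripheral services (see `local.peripheral`).
variable "mastodon" {
  type = object({
    enable = bool
  })
  description = "Mastodon configuration; set enable = true to deploy its host."
  default = {
    enable = false
  }
}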
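# Pixelfed settings. `enable` decides whether its host (listed in
# `local.applications`) is deployed at all, and it also turns on the
# peripheral services (see `local.peripheral`).
variable "pixelfed" {
  type = object({
    enable = bool
  })
  description = "Pixelfed configuration; set enable = true to deploy its host."
  default = {
    enable = false
  }
}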
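# PeerTube settings. `enable` decides whether its host (listed in
# `local.applications`) is deployed at all, and it also turns on the
# peripheral services (see `local.peripheral`).
variable "peertube" {
  type = object({
    enable = bool
  })
  description = "PeerTube configuration; set enable = true to deploy its host."
  default = {
    enable = false
  }
}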
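# The first account created on each deployed service; handed to the NixOS
# configuration as `terraform.initialUser` (see the `config` heredoc in
# `module.deploy`).
variable "initialUser" {
  type = object({
    displayName = string
    username    = string
    email       = string
    # TODO: mark (nested) credentials as sensitive
    # https://discuss.hashicorp.com/t/is-it-possible-to-mark-an-attribute-of-an-object-as-sensitive/24649/2
    password = string
  })
  description = "Initial user account (including its password) created on the deployed services."

  # Terraform cannot flag a single object attribute as sensitive (see the TODO
  # above), so the whole variable is, which keeps the password out of plan and
  # apply output. Any output that derives from this value must be declared
  # `sensitive = true` as well, or Terraform refuses it.
  sensitive = true

  # Test-only default: the password below is a placeholder and must be
  # overridden for any real deployment.
  default = {
    displayName = "Testy McTestface"
    username    = "test"
    email       = "test@test.com"
    password    = "testtest"
  }
}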
# TODO: could this straight-up be added in the child module instead?
variable "ssh_private_key_file" {
  type        = string
  description = "Path to private key used to connect to the target_host"
  # Forwarded unchanged to module.deploy. With the empty default the
  # deploy_nixos module presumably falls back to its own SSH defaults
  # (agent or ~/.ssh) -- confirm against that module.
  default = ""
}
variable "deploy_environment" {
  type        = map(string)
  description = "Extra environment variables to be set during deployment."
  # Forwarded unchanged to module.deploy. This variable is not declared
  # sensitive, so Terraform does not redact its values; keep credentials out
  # of it (or mark it sensitive if they are unavoidable).
  default = {}
}
locals {
  system = "x86_64-linux"

  # npins entries as a name => path map, produced by `data.external.pins`.
  pins = data.external.pins.result

  # Supporting services and the host each one runs on (name => hostname).
  peripheral_services = {
    garage = "test01"
  }

  # Each application, with its user-facing settings and the host it runs on.
  applications = {
    mastodon = { cfg = var.mastodon, hostname = "test06" }
    pixelfed = { cfg = var.pixelfed, hostname = "test04" }
    peertube = { cfg = var.peertube, hostname = "test03" }
  }

  # Peripheral hosts are enabled as soon as at least one application is.
  peripheral = {
    for name, host in local.peripheral_services :
    name => {
      hostname = host
      cfg      = { enable = anytrue(values(local.applications)[*].cfg.enable) }
    }
  }
}
# Runs `nix eval --json` on the npins directory next to this Terraform root and
# exposes the result as a name => path map (`local.pins`), which feeds both
# NIX_PATH and the redeploy triggers of `module.deploy`.
data "external" "pins" {
  program = ["nix", "eval", "--json", "-f", "${path.root}/../npins"]
}
# One deploy_nixos run per host whose service is enabled.
module "deploy" {
  source = "${var.terraform-nixos}//deploy_nixos"

  # Peripheral hosts and applications share one map; later arguments to merge()
  # win on name clashes (there are none today). Only enabled entries deploy.
  for_each = { for name, inst in merge(
    local.peripheral,
    local.applications,
  ) : name => inst if inst.cfg.enable }

  ssh_private_key_file = var.ssh_private_key_file
  # NOTE(review): the SSH target domain is hard-coded here and differs from
  # var.domain (default "fediversity.net") -- confirm this is intentional.
  target_host   = "${each.value.hostname}.abundos.eu"
  target_user   = "root" # FIXME: #24
  target_system = local.system

  # Every npins entry becomes a NIX_PATH component so that the
  # <nixpkgs/...> lookup in `config` below resolves to a pinned source
  # (assumes the pins include an entry named "nixpkgs" -- confirm).
  NIX_PATH           = join(":", [for name, path in local.pins : "${name}=${path}"])
  deploy_environment = var.deploy_environment
  hermetic           = true
  config_pwd         = path.root

  # The NixOS configuration to build. Variable values are spliced into a Nix
  # indented string (''...'') via jsonencode(), which escapes JSON quoting but
  # not Nix's own `''` and `${` sequences.
  # NOTE(review): a value (e.g. the initialUser password) containing either
  # sequence would break the Nix evaluation or be interpreted by it; consider
  # escaping those sequences before interpolation, or passing the JSON via a
  # file rather than inline.
  config = <<-EOT
    let
      terraform = builtins.fromJSON ''${jsonencode({
        domain      = var.domain
        hostname    = each.value.hostname
        initialUser = var.initialUser
      })}'';
    in
    import <nixpkgs/nixos/lib/eval-config.nix> {
      system = "${local.system}";
      specialArgs = { inherit terraform; };
      modules = [
        # ${path.root}/options.nix
        ${path.root}/shared.nix
        ${path.root}/${each.key}.nix
        # (terraform)
      ];
    }
  EOT

  perform_gc      = false
  build_on_target = false

  # Redeploy whenever the pinned inputs change.
  triggers = {
    pins = jsonencode(local.pins)
  }
}