diff --git a/.gitignore b/.gitignore index 2d0e834..e193fbc 100644 --- a/.gitignore +++ b/.gitignore @@ -42,3 +42,5 @@ output/ result .direnv/ .env +plan.out +config.tf.json \ No newline at end of file diff --git a/flake.lock b/flake.lock index f6625b8..2f0d65e 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,38 @@ "type": "github" } }, + "bats-assert": { + "flake": false, + "locked": { + "lastModified": 1636059754, + "narHash": "sha256-ewME0l27ZqfmAwJO4h5biTALc9bDLv7Bl3ftBzBuZwk=", + "owner": "bats-core", + "repo": "bats-assert", + "rev": "34551b1d7f8c7b677c1a66fc0ac140d6223409e5", + "type": "github" + }, + "original": { + "owner": "bats-core", + "repo": "bats-assert", + "type": "github" + } + }, + "bats-support": { + "flake": false, + "locked": { + "lastModified": 1548869839, + "narHash": "sha256-Gr4ntadr42F2Ks8Pte2D4wNDbijhujuoJi4OPZnTAZU=", + "owner": "bats-core", + "repo": "bats-support", + "rev": "d140a65044b2d6810381935ae7f0c94c7023c8c3", + "type": "github" + }, + "original": { + "owner": "bats-core", + "repo": "bats-support", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -42,6 +74,21 @@ "type": "github" } }, + "flake-utils": { + "locked": { + "lastModified": 1634851050, + "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -185,13 +232,66 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1636823747, + "narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f6a2ed2082d9a51668c86ba27d0b5496f7a2ea93", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", "home-manager": "home-manager_2", "nixinate": "nixinate", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_3", + "terranix": "terranix" + } + }, + "terranix": { + "inputs": { + "bats-assert": "bats-assert", + "bats-support": "bats-support", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_4", + "terranix-examples": "terranix-examples" + }, + "locked": { + "lastModified": 1684906298, + "narHash": "sha256-pNuJxmVMGbBHw7pa+Bx0HY0orXIXoyyAXOKuQ1zpfus=", + "owner": "terranix", + "repo": "terranix", + "rev": "c0dd15076856c6cb425795b8c7d5d37d3a1e922a", + "type": "github" + }, + "original": { + "owner": "terranix", + "repo": "terranix", + "type": "github" + } + }, + "terranix-examples": { + "locked": { + "lastModified": 1636300201, + "narHash": "sha256-0n1je1WpiR6XfCsvi8ZK7GrpEnMl+DpwhWaO1949Vbc=", + "owner": "terranix", + "repo": "terranix-examples", + "rev": "a934aa1cf88f6bd6c6ddb4c77b77ec6e1660bd5e", + "type": "github" + }, + "original": { + "owner": "terranix", + "repo": "terranix-examples", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index dd36082..8c26f44 100644 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,7 @@ description = "Nix flake for my infrastructure"; inputs = { agenix.url = "github:ryantm/agenix"; + terranix.url = "github:terranix/terranix"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixinate.url = "github:matthewcroughan/nixinate"; home-manager.url = "github:nix-community/home-manager"; 
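Review bot: The new `terranix.url` input brings its own nixpkgs along — the lock changes in this commit add a separate `nixpkgs_4` entry for it — so evaluation now carries a second, older nixpkgs beside the one this flake already pins. Add `terranix.inputs.nixpkgs.follows = "nixpkgs";` next to the new line so terranix is built against the same nixpkgs and the extra lock entry disappears. The `inputs` attribute set continues past the end of this hunk.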
@@ -12,9 +13,13 @@ }; }; - outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix }: + outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix }: let pkgs = nixpkgs.legacyPackages.x86_64-linux; + tf = terranix.lib.terranixConfiguration { + system = "x86_64-linux"; + modules = [ ./terraform/main.nix ]; + }; in { devShells.x86_64-linux.default = with pkgs; mkShell { shellHook = @@ -40,7 +45,30 @@ format = "sd-aarch64-installer"; }; }; - apps = nixinate.nixinate.x86_64-linux self; + + apps = nixinate.nixinate.x86_64-linux self // { + x86_64-linux = { + tf-plan = { + type = "app"; + program = toString (pkgs.writers.writeBash "plan" '' + if [[ -e terraform/config.tf.json ]]; then rm -f terraform/config.tf.json; fi + cp ${tf} terraform/config.tf.json \ + && ${pkgs.terraform}/bin/terraform -chdir=terraform init \ + && ${pkgs.terraform}/bin/terraform -chdir=terraform plan -out=plan.out + ''); + }; + tf-apply = { + type = "app"; + program = toString (pkgs.writers.writeBash "apply" '' + if [[ -e terraform/config.tf.json ]]; then rm -f terraform/config.tf.json; fi + cp ${tf} terraform/config.tf.json \ + && ${pkgs.terraform}/bin/terraform -chdir=terraform init \ + && ${pkgs.terraform}/bin/terraform -chdir=terraform apply plan.out + ''); + }; + }; + }; + homeConfigurations."gsimmer" = home-manager.lib.homeManagerConfiguration { inherit pkgs; modules = [ ./nix/london/gsimmer.nix ]; diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index 78f5230..4d2e095 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl 
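Review bot: `nixinate.nixinate.x86_64-linux self // { x86_64-linux = { … }; }` is a shallow merge: if the set nixinate returns already has an `x86_64-linux` attribute (it must, for `nix run .#nixinate.<host>` to resolve through `apps.<system>`), the right-hand side replaces it wholesale and the nixinate apps vanish from the outputs — confirm the returned shape, and merge with `apps = nixpkgs.lib.recursiveUpdate (nixinate.nixinate.x86_64-linux self) { x86_64-linux = { tf-plan = …; tf-apply = …; }; };` instead. The two `writeBash` scripts repeat the same three-line prelude (`rm`, `cp`, `init`) and differ only in the final subcommand; a single `let` binding for the prelude, or one script parameterised on the subcommand, keeps them from drifting, and the `[[ -e … ]]` test is redundant with `rm -f`. Note also that `${tf}` is a world-readable Nix store path copied into `terraform/config.tf.json`, so no secret may ever be placed in the terranix modules; `./terraform/main.nix` as added in this commit contains none, which is worth stating in a comment above `tf =`.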
@@ -43,51 +43,6 @@ provider "registry.terraform.io/hashicorp/aws" { ] } -provider "registry.terraform.io/hetznercloud/hcloud" { - version = "1.36.1" - constraints = "1.36.1" - hashes = [ - "h1:xZSvxx6aUo0oZp2uqNxi/+wqnCNEBBuu8y7GeXIO9qA=", - "zh:16558b25c7f92f187278e94e951b0ab687882b06acff5b1387f3293f27939f8c", - "zh:28fc79ac2189ff0f5e6c9535ada8f57552b6e21c978b59dc78e086c27b9e4b23", - "zh:373907f9f7f2cefa94e2d5638bf5bef3d3b17e7655dc84dd6089346c6f4f9096", - "zh:394716cd877de682a0772d660f1bdb3838c5d751eca2211105d5ede248c48c39", - "zh:3c438c6590fcc8ac65a10039b2f5ba9ee379a734cb93a59c6cf74f385d891e87", - "zh:3f777a460a62fd23b283c269f1533b3887bf0c5564581e1e96cf294e077f5a8a", - "zh:4f62967553d7ce81ec14db7685306b625970ba6640b5764dc0137675ab97af0b", - "zh:56da08f8d75f596d6f9da4f0fd16bd60d1733cabcc260e885e1d7a711d6d3d8b", - "zh:62776c885bfa8e715dba6662f1744b5251f4cdd523dd4d1e4ccb2e25489593e9", - "zh:64cbb68139aa65f95ab3e654d872f9d34ef991fbf667fc30e0f29b96b5e8b4ed", - "zh:75a4b7a73ff0a537214d12d820438b7ae7a33d660e5d793f4ae0ebe3152bff00", - "zh:7b59d72538772ada7d51eaa50c905285200b1889ab29948b533412ccdf4d18de", - "zh:b84eeaa82bf765c6dd945ae83f1a9271fa5fad53b861b18b09cb8deda67dae13", - "zh:e81c3ea971e32a6ca3fdb0cd9e644614308ab2cf2a19482dd8a109d67fe3fb6f", - ] -} - -provider "registry.terraform.io/sharkyrawr/cloudns" { - version = "0.0.7" - constraints = "0.0.7" - hashes = [ - "h1:9j02xibBw0ol2nDg7dd/w5A3IwT9Ih2fQWC3LWmPrBw=", - "zh:00981e00a0efacc99e118cf72708b3889622afc8e997a18e29649a646bb25e83", - "zh:357235742de49011118f173e121e1406ef26a2bdda6864cd2f13c4cc9af73d3e", - "zh:3fa3db9190f8d44452f8d6528f7aebda15e66f5c33a8423bae32c352b157df38", - "zh:4bae8164457b0f94bcdcfed18d7296fabc01a46ac03f6ec21e38dbf442aabddb", - "zh:a27c5153b1fde30e7037ed19b354af8e1d9a4952ec420e5f6e09bdc148263e9e", - "zh:aa7d6555c0a345dbb094bb903d2ae5261ced464d8b58c2e24c561970130be824", - "zh:bc188c2ff5351453ae23e65b3baa00567cd0be8ca26c2be08fb0168a9b88d5d2", - 
"zh:c8e72151976d2bcdc107a926c3d9c9cee6e5ac0ce7e446544a60cca1d35217c3", - "zh:d648371729035dc52b0437462e9f91b24f3fea6427e043c0016e02a91c60b7eb", - "zh:d8dc24aa0c586a12ea19e46cf14e3e6fc1ec6e3281aafaba35da9d4e26f23cd0", - "zh:e43b20807b37db5c2bd2806350321b0bd6831c0675abe0d74d42c1cc894f711d", - "zh:fa101cec498688add26a3f5cee96bc409d09e1d611b4e934d4233a56d812f81b", - "zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", - "zh:fd5bc423d1d68aa6905ba01e0e5e3f552e4f656f636117cd26e1f2394a6d1bf4", - "zh:fe80010ea109e573561da1c93d91af7d8525387e0d2ff1185672f7464fb26956", - ] -} - provider "registry.terraform.io/vercel/vercel" { version = "0.14.0" constraints = "0.14.0" diff --git a/terraform/gmem.ca.tf b/terraform/gmem.ca.tf index 9d657ac..558bbdb 100644 --- a/terraform/gmem.ca.tf +++ b/terraform/gmem.ca.tf 
@@ -194,34 +194,16 @@ output "website_endpoint" { value = aws_s3_bucket_website_configuration.gmem-ca-static_site.website_domain } -resource "aws_acm_certificate" "gmem-ca-cert" { - domain_name = aws_route53_zone.gmemca.name - validation_method = "DNS" - provider = aws.virginia -} - resource "aws_route53_record" "gmem-ca-cert_validation" { - for_each = { - for dvo in aws_acm_certificate.gmem-ca-cert.domain_validation_options : dvo.domain_name => { - name = dvo.resource_record_name - record = dvo.resource_record_value - type = dvo.resource_record_type - } - } - - name = each.value.name - records = [each.value.record] + name = "_3adc54fd4a6993b9586a54e190b9fb71.gmem.ca" + records = [ + "_094fa9d82c24dca77f6e9059f535d155.fpgkgnzppq.acm-validations.aws." + ] ttl = 60 - type = each.value.type + type = "CNAME" zone_id = aws_route53_zone.gmemca.zone_id } -resource "aws_acm_certificate_validation" "gmem-ca-cert" { - certificate_arn = aws_acm_certificate.gmem-ca-cert.arn - validation_record_fqdns = [for record in aws_route53_record.gmem-ca-cert_validation : record.fqdn] - provider = aws.virginia -} - resource "aws_cloudfront_distribution" "gmem-ca-s3_distribution" { origin { domain_name = aws_s3_bucket.gmem-ca-static_site.bucket_regional_domain_name @@ -257,7 +239,7 @@ resource "aws_cloudfront_distribution" "gmem-ca-s3_distribution" { comment = "S3 Static Site Distribution for gmem.ca" default_root_object = "index.html" - aliases = [aws_acm_certificate.gmem-ca-cert.domain_name] + aliases = [ "gmem.ca", "arch.dog" ] default_cache_behavior { allowed_methods = ["GET", "HEAD", "OPTIONS"] @@ -301,7 +283,7 @@ resource "aws_cloudfront_distribution" "gmem-ca-s3_distribution" { } viewer_certificate { - acm_certificate_arn = aws_acm_certificate_validation.gmem-ca-cert.certificate_arn + acm_certificate_arn = "arn:aws:acm:us-east-1:939265269301:certificate/1aa4bae9-701d-4f55-bad4-85144f6c1297" ssl_support_method = "sni-only" minimum_protocol_version = "TLSv1.2_2021" } 
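Review bot: With `aws_acm_certificate` and `aws_acm_certificate_validation` removed, the certificate behind `viewer_certificate` is a literal ARN and its DNS validation is a literal CNAME in `gmem-ca-cert_validation`, so nothing in this configuration ties the two together anymore: if the certificate is reissued or its validation tokens change, the record silently goes stale and ACM renewal fails. The new `aliases = [ "gmem.ca", "arch.dog" ]` also requires that pinned certificate to carry `arch.dog` as a SAN, with a matching validation record in the arch.dog zone that this diff does not show — please confirm both. At minimum add above the record `# Validation CNAME for the externally managed ACM certificate pinned in viewer_certificate; keep in step with that certificate's domain_validation_options or renewal fails.`, and consider resolving the certificate by domain so the ARN is not hard-coded into the repository. The `aws_cloudfront_distribution` resource extends beyond these hunks.
```hcl
# Resolve the certificate by domain instead of a literal ARN; CloudFront requires it in us-east-1.
data "aws_acm_certificate" "gmem-ca-cert" {
  domain      = "gmem.ca"
  statuses    = ["ISSUED"]
  most_recent = true
  provider    = aws.virginia
}

# … unchanged: aws_cloudfront_distribution up to viewer_certificate …
  viewer_certificate {
    acm_certificate_arn = data.aws_acm_certificate.gmem-ca-cert.arn
```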
diff --git a/terraform/hcloud-kubernetes-cluster.tf b/terraform/hcloud-kubernetes-cluster.tf deleted file mode 100644 index 5a97203..0000000 --- a/terraform/hcloud-kubernetes-cluster.tf +++ /dev/null @@ -1,62 +0,0 @@ -resource "hcloud_network" "kube-network" { - name = "kube-network" - ip_range = "10.0.0.0/16" -} - -resource "hcloud_network_subnet" "kube-subnet" { - network_id = hcloud_network.kube-network.id - type = "cloud" - network_zone = "eu-central" - ip_range = "10.0.1.0/24" -} - -resource "hcloud_ssh_key" "default" { - name = "YubiKey" - public_key = file("~/.ssh/id_ed25519_sk.pub") -} - -resource "hcloud_server" "control-plane" { - count = 0 - name = "control-plane" - server_type = "cx21" - image = "ubuntu-22.04" - location = "nbg1" - - network { - network_id = hcloud_network.kube-network.id - ip = "10.0.1.1" - } - - depends_on = [ - hcloud_network_subnet.kube-subnet - ] - - user_data = templatefile("${path.module}/templates/tailscale-kube-control-plane.yaml.tpl", { - tailscale_key = var.tailscale_key - }) - - ssh_keys = [hcloud_ssh_key.default.id] -} - -resource "hcloud_server" "worker-node" { - count = 0 - name = "worker-node-${count.index + 1}" - server_type = "cx21" - image = "ubuntu-22.04" - location = "nbg1" - - network { - network_id = hcloud_network.kube-network.id - ip = "10.0.1.${count.index + 2}" - } - - depends_on = [ - hcloud_network_subnet.kube-subnet - ] - - user_data = templatefile("${path.module}/templates/tailscale-kube-worker.yaml.tpl", { - tailscale_key = var.tailscale_key - }) - - ssh_keys = [hcloud_ssh_key.default.id] -} diff --git a/terraform/main.nix b/terraform/main.nix new file mode 100644 index 0000000..f2af026 --- /dev/null +++ b/terraform/main.nix 
@@ -0,0 +1,28 @@ +{ ... }: { + terraform = { + required_providers = { + cloudflare.source = "cloudflare/cloudflare"; + vercel.source = "vercel/vercel"; + }; + backend."s3" = { + bucket = "gsimmer-terraform-state"; + key = "state/personal.tfstate"; + region = "eu-west-2"; + + dynamodb_table = "gsimmer-terraform-lock"; + }; + }; + + provider = { + "cloudflare" = {}; + "aws" = [ + { + region = "us-east-1"; + alias = "virginia"; + } + { + region = "eu-west-2"; + } + ]; + }; +} diff --git a/terraform/main.tf b/terraform/main.tf deleted file mode 100644 index d632544..0000000 --- a/terraform/main.tf +++ /dev/null @@ -1,48 +0,0 @@ -terraform { - required_providers { - vercel = { - source = "vercel/vercel" - version = "0.14.0" - } - aws = { - source = "hashicorp/aws" - version = "4.28.0" - } - hcloud = { - source = "hetznercloud/hcloud" - version = "1.36.1" - } - cloudflare = { - source = "cloudflare/cloudflare" - version = "3.33.1" - } - cloudns = { - source = "SharkyRawr/cloudns" - version = "0.0.7" - } - } - backend "s3" { - bucket = "gsimmer-terraform-state" - key = "state/personal.tfstate" - region = "eu-west-2" - - dynamodb_table = "gsimmer-terraform-lock" - } -} - -provider "aws" { - alias = "virginia" - region = "us-east-1" -} - -provider "aws" { - region = "eu-west-2" -} - -provider "hcloud" {} - -variable "tailscale_key" { - type = string -} - -provider "cloudns" {}
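Review bot: `required_providers` in the new module gives only `source` for cloudflare and vercel and omits `aws` altogether, whereas the deleted `main.tf` pinned every provider (`vercel` 0.14.0, `aws` 4.28.0, `cloudflare` 3.33.1); the generated `config.tf.json` therefore carries no version constraints, resolution rests solely on `terraform/.terraform.lock.hcl`, and any `init -upgrade` floats to whatever is newest. Restore the pins, e.g. `cloudflare = { source = "cloudflare/cloudflare"; version = "3.33.1"; };`, `vercel = { source = "vercel/vercel"; version = "0.14.0"; };` and an explicit `aws = { source = "hashicorp/aws"; version = "4.28.0"; };`. The S3 backend block also has no `encrypt = true;`; unless the bucket enforces default encryption, add it so state objects — which hold resource attributes, including ones marked sensitive, in plaintext — are written with server-side encryption.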