arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity

Update, use opentofu

Browse source
This commit is contained in:
Gabriel Simmer 2023-10-08 22:54:52 +01:00
parent e89431f6b0
commit 36c46f5d07
Signed by: arch
SSH key fingerprint: SHA256:m3OEcdtrnBpMX+2BDGh/byv3hrCekCLzDYMdvGEKPPQ
2 changed files with 240 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

221
flake.lock
View file

@ -7,16 +7,17 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1695339232,
"narHash": "sha256-6wQHW3uHECpGIBolTccQ6x3/9b8E1SrO+VzTABKe2xM=",
"lastModified": 1695384796,
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
"owner": "ryantm",
"repo": "agenix",
"rev": "7f9dfa309f24dc74450ecab6e74bc3d11c7ce735",
"rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4",
"type": "github"
}
},
@ -93,6 +94,43 @@
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs-wayland",
"nix-eval-jobs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1696343447,
"narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1667395993,
@ -109,6 +147,24 @@
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
@ -151,11 +207,11 @@
]
},
"locked": {
"lastModified": 1695224363,
"narHash": "sha256-+hfjJLUMck5G92RVFDZA7LWkR3kOxs5zQ7RPW9t3eM8=",
"lastModified": 1696737557,
"narHash": "sha256-YD/pjDjj/BNmisEvRdM/vspkCU3xyyeGVAUWhvVSi5Y=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "408ba13188ff9ce309fa2bdd2f81287d79773b00",
"rev": "3c1d8758ac3f55ab96dcaf4d271c39da4b6e836d",
"type": "github"
},
"original": {
@ -164,6 +220,45 @@
"type": "github"
}
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1696766909,
"narHash": "sha256-lU1BmCWpQ9cx64YnJKc89lMg9cx4pCokXIbh5J//2t0=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "9f495e4feea66426589cbb59ac8b972993b5d872",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lib-aggregate",
"type": "github"
}
},
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_5",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1696712215,
"narHash": "sha256-znUR51gbpoqm79FKVyVl9V4va6P5bTr7tohPPW+iydU=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "26af7cabdb7ee637dc9b63f1ce609a467534713c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-eval-jobs",
"type": "github"
}
},
"nixinate": {
"inputs": {
"nixpkgs": "nixpkgs_3"
@ -205,11 +300,11 @@
]
},
"locked": {
"lastModified": 1693791338,
"narHash": "sha256-wHmtB5H8AJTUaeGHw+0hsQ6nU4VyvVrP2P4NeCocRzY=",
"lastModified": 1696058303,
"narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "8ee78470029e641cddbd8721496da1316b47d3b4",
"rev": "150f38bd1e09e20987feacb1b0d5991357532fb5",
"type": "github"
},
"original": {
@ -234,6 +329,44 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1696726172,
"narHash": "sha256-89yxFXzTA7JRyWo6hg7SD4DlS/ejYt8Y8IvGZHbSWsg=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "59da6ac0c02c48aa92dee37057f978412797db2a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-wayland": {
"inputs": {
"flake-compat": "flake-compat",
"lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696768017,
"narHash": "sha256-a3/jmm6ppT8Jtz4qq6urVCSNpcbKGsv18RMB3wXWk5w=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "20c7e3550485ed6be55c2ce9b6c8c05bbb9a6e1b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1670242877,
@ -268,11 +401,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1695132891,
"narHash": "sha256-cJR9AFHmt816cW/C9necLJyOg/gsnkvEeFAfxgeM1hc=",
"lastModified": 1696693680,
"narHash": "sha256-PH0HQTkqyj7DmdPKPwrrXwVURLBqzZs4nqnDw9q8mhg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8b5ab8341e33322e5b66fb46ce23d724050f6606",
"rev": "945559664c1dc5836173ee12896ba421d9b37181",
"type": "github"
},
"original": {
@ -283,6 +416,22 @@
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1696466515,
"narHash": "sha256-SQJyUBoLXmPGueYTLj1yDVHolg2pnB+rUR4Z6p5AKpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c52af267ad0c11b55f89cf6c70adb10694ad938e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1636823747,
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
@ -305,23 +454,39 @@
"nixinate": "nixinate",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_4",
"nixpkgs-wayland": "nixpkgs-wayland",
"terranix": "terranix"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"terranix": {
"inputs": {
"bats-assert": "bats-assert",
"bats-support": "bats-support",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_5",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_6",
"terranix-examples": "terranix-examples"
},
"locked": {
"lastModified": 1684906298,
"narHash": "sha256-pNuJxmVMGbBHw7pa+Bx0HY0orXIXoyyAXOKuQ1zpfus=",
"lastModified": 1695406838,
"narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=",
"owner": "terranix",
"repo": "terranix",
"rev": "c0dd15076856c6cb425795b8c7d5d37d3a1e922a",
"rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275",
"type": "github"
},
"original": {
@ -344,6 +509,28 @@
"repo": "terranix-examples",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs-wayland",
"nix-eval-jobs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1695822946,
"narHash": "sha256-IQU3fYo0H+oGlqX5YrgZU3VRhbt2Oqe6KmslQKUO4II=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "720bd006d855b08e60664e4683ccddb7a9ff614a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

43
flake.nix
View file

@ -1,10 +1,14 @@
{
description = "Nix flake for my infrastructure";
inputs = {
agenix.url = "github:ryantm/agenix";
agenix.url = "github:ryantm/agenix?rev=1f677b3e161d3bdbfd08a939e8f25de2568e0ef4";
terranix.url = "github:terranix/terranix";
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixinate.url = "github:matthewcroughan/nixinate";
nixpkgs-wayland = {
url = "github:nix-community/nixpkgs-wayland";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@ -16,7 +20,7 @@
alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy";
};
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy }:
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland}:
let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
tf = terranix.lib.terranixConfiguration {
@ -32,7 +36,7 @@
set +o allexport
'';
nativeBuildInputs = [
jq terraform ansible kubectl awscli2
jq opentofu kubectl awscli2
nodePackages.yaml-language-server
k9s terraform-ls kubernetes-helm nil
];
@ -56,8 +60,8 @@
program = toString (pkgs.writers.writeBash "plan" ''
if [[ -e terraform/config.tf.json ]]; then rm -f terraform/config.tf.json; fi
cp ${tf} terraform/config.tf.json \
&& ${pkgs.terraform}/bin/terraform -chdir=terraform init \
&& ${pkgs.terraform}/bin/terraform -chdir=terraform plan -out=plan.out
&& ${pkgs.opentofu}/bin/tofu -chdir=terraform init \
&& ${pkgs.opentofu}/bin/tofu -chdir=terraform plan -out=plan.out
'');
};
tf-apply = {
@ -65,8 +69,8 @@
program = toString (pkgs.writers.writeBash "apply" ''
if [[ -e terraform/config.tf.json ]]; then rm -f terraform/config.tf.json; fi
cp ${tf} terraform/config.tf.json \
&& ${pkgs.terraform}/bin/terraform -chdir=terraform init \
&& ${pkgs.terraform}/bin/terraform -chdir=terraform apply plan.out
&& ${pkgs.opentofu}/bin/tofu -chdir=terraform init \
&& ${pkgs.opentofu}/bin/tofu -chdir=terraform apply plan.out
'');
};
};
@ -86,6 +90,31 @@
home-manager.useUserPackages = true;
home-manager.users.gsimmer = import ./nix/london/gsimmer.nix;
}
({pkgs, config, ... }:
{
config = {
nix.settings = {
# add binary caches
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
];
substituters = [
"https://cache.nixos.org"
"https://nixpkgs-wayland.cachix.org"
];
};
# use it as an overlay
nixpkgs.overlays = [ nixpkgs-wayland.overlay ];
# or, pull specific packages (built against inputs.nixpkgs, usually `nixos-unstable`)
environment.systemPackages = [
nixpkgs-wayland.packages.x86_64-linux.waybar
];
};
}
)
];
};
oracle-gitea-runner = nixpkgs.lib.nixosSystem {