diff --git a/default.nix b/default.nix index caf55459..761274e6 100644 --- a/default.nix +++ b/default.nix @@ -7,7 +7,7 @@ rec { defaultFile = "nixos.nix"; }; - hosts = import ./lib/hosts.nix { inherit pkgs sources witch profiles; }; + hosts = import ./lib/hosts.nix { inherit pkgs sources witch profiles; inherit (deploy) tf; }; inherit (pkgs) lib; diff --git a/lib/deploy.nix b/lib/deploy.nix index 641a9e46..e48932a7 100644 --- a/lib/deploy.nix +++ b/lib/deploy.nix @@ -15,9 +15,10 @@ let tfEval ({ config, ... }: { imports = mapAttrsToList (name: host: import (../hosts + "/${name}/meta.nix")) - hosts; + hosts ++ [{ config = mkMerge (mapAttrsToList (_: host: mapAttrs (_: mkMerge) host.config.deploy.tf.out.set) hosts); }]; - deps = { + deps = { + select.allProviders = true; enable = true; select.hclPaths = (map (name: config.resources."${name}_system_switch".out.hclPathStr) @@ -62,11 +63,13 @@ let value.shellCommand = "bitw get infra/rfc2136 -f password"; }; + dns.zones."kittywit.ch." = { provider = "dns"; }; + providers.hcloud = { inputs.token = config.variables.hcloud_token.ref; }; providers.dns = { inputs.update = { - server = "45.129.95.255"; + server = "ns1.as207960.net"; key_name = config.variables.glauca_key.ref; key_secret = config.variables.glauca_secret.ref; key_algorithm = "hmac-sha512"; diff --git a/lib/hosts.nix b/lib/hosts.nix index ff5ac0b7..0637a44a 100644 --- a/lib/hosts.nix +++ b/lib/hosts.nix @@ -1,4 +1,4 @@ -{ pkgs, hostsDir ? ../hosts, profiles, pkgsPath ? ../pkgs, sources ? { } +{ pkgs, tf, hostsDir ? ../hosts, profiles, pkgsPath ? ../pkgs, sources ? { } , witch ? { } }: with pkgs.lib; @@ -27,7 +27,7 @@ rec { else { }) ]; - specialArgs = { inherit sources profiles witch hostName; }; + specialArgs = { inherit sources tf profiles witch hostName; }; })) hostNames); groupNames = unique (concatLists diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 44b96a6d..111da8c6 100644 --- a/modules/nixos/default.nix 
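Review bot: In lib/deploy.nix (hunk `@@ -15,9 +15,10 @@`), the new `imports` entry merges every host's `deploy.tf.out.set` into the shared Terraform evaluation without restricting which top-level keys a host may set. Any host module can therefore contribute resources, providers or variables to what appears to be the same evaluation that holds the hcloud token and the DNS update key. If hosts are only meant to contribute a few sections, filter before merging, for example `mapAttrs (_: mkMerge) (filterAttrs (n: _: elem n allowedTfKeys) host.config.deploy.tf.out.set)`, where `allowedTfKeys` is a placeholder list you would define. Because `hosts` now receives `tf` from this evaluation while this evaluation reads `host.config`, a `deploy.tf` definition that itself depends on a `tf` value could recurse infinitely; a short comment stating that constraint would help. The enclosing `let` block starts and ends outside the hunk.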
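Review bot: In the `providers.dns` block of lib/deploy.nix (hunk `@@ -62,11 +63,13 @@`), replacing the literal address with `ns1.as207960.net` makes the RFC 2136 update target depend on name resolution on whichever machine runs the apply. The TSIG key (`hmac-sha512`) authenticates the update messages but does not encrypt them. A wrong resolver answer would therefore most likely cause failed updates and send the record data to the wrong endpoint, rather than let anyone forge changes on the real server. I would add a comment above `server` such as `# resolved at apply time; updates are TSIG-signed (hmac-sha512), not encrypted`, and say why the hostname is preferred over the pinned address. The new `dns.zones."kittywit.ch."` line would also benefit from a one-line comment saying the zone is managed through this provider.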
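Review bot: In lib/hosts.nix (hunk `@@ -27,7 +27,7 @@`), adding `tf` to `specialArgs` hands the whole Terraform evaluation to every host's modules, and anything a module interpolates from it into a NixOS option ends up in the world-readable Nix store. Whether `tf` exposes secret values directly is not visible here, but lib/deploy.nix references variables for a token and a key secret. A comment next to `specialArgs` would help, such as `# tf: use references only; route secret values through the tf-nix secrets module`. The first hunk of this file also adds `tf` as an argument without a default, unlike `sources` and `witch`, so any other importer of lib/hosts.nix must now pass it. Both the function header and the `rec` set continue outside these hunks.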
+++ b/modules/nixos/default.nix @@ -3,6 +3,7 @@ { imports = [ ./deploy + ./tf-glue (sources.tf-nix + "/modules/nixos/secrets.nix") (sources.tf-nix + "/modules/nixos/secrets-users.nix") ]; diff --git a/modules/nixos/tf-glue/default.nix b/modules/nixos/tf-glue/default.nix new file mode 100644 index 00000000..df5d23b4 --- /dev/null +++ b/modules/nixos/tf-glue/default.nix @@ -0,0 +1,30 @@ +{ config, lib, ... }: with lib; let + cfg = config.deploy.tf; + unmergedValues = types.mkOptionType { + name = "unmergedValues"; + merge = loc: defs: map (def: def.value) defs; + }; +in { + options.deploy.tf = mkOption { + type = types.submodule { + freeformType = types.attrsOf unmergedValues; + + options = { + attrs = mkOption { + type = types.listOf types.str; + default = [ ]; + }; + out.set = mkOption { + type = types.unspecified; + }; + }; + }; + }; + + config = { + deploy.tf = { + attrs = [ "out" "attrs" ]; + out.set = removeAttrs cfg cfg.attrs; + }; + }; +} diff --git a/nix/sources.json b/nix/sources.json index 2ea9c94d..61810502 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -124,10 +124,10 @@ "homepage": null, "owner": "arcnmx", "repo": "tf-nix", - "rev": "f8388c58aa7759dede5163a011fb1a08e7c27fc8", - "sha256": "0n0cp2hz00naz78dxi3b7ayrjv4l0001sc1k08w01aw2p400wpyc", + "rev": "f4fe8c91d7048340ac5ff018c70736db4e92ce25", + "sha256": "1qjpj0xwwxhc2qj8ciscqz60x7wgsaw72zza61hckh0qc9xdwx6w", "type": "tarball", - "url": "https://github.com/arcnmx/tf-nix/archive/f8388c58aa7759dede5163a011fb1a08e7c27fc8.tar.gz", + "url": "https://github.com/arcnmx/tf-nix/archive/f4fe8c91d7048340ac5ff018c70736db4e92ce25.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } }
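Review bot: In modules/nixos/tf-glue/default.nix, `deploy.tf.out.set` is declared with `types.unspecified` and is not read-only, so another module can define it directly instead of leaving it to the `removeAttrs cfg cfg.attrs` computation that lib/deploy.nix consumes. Declaring it as `out.set = mkOption { type = types.unspecified; readOnly = true; internal = true; };` would keep it a derived value. `attrs` is a `listOf str`, so definitions from other modules are appended to `[ "out" "attrs" ]`, which lets a host silently drop keys from the exported set. That should either be documented as intended or the list moved into the `let` block as a constant. None of the options has a `description`; a sentence each on what `unmergedValues` returns (the list of raw definition values, merged later with `mkMerge`) and on what `out.set` holds would make the module readable without lib/deploy.nix open.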