kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 20:39:18 -08:00
Code Issues Projects Releases Packages Wiki Activity

[YUKARI] Initialise

Browse source
This commit is contained in:
Kat Inskip 2023-04-24 19:13:15 -07:00
parent 572dd0e4db
commit aa266cc383
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
28 changed files with 877 additions and 614 deletions
Download patch file Download diff file Expand all files Collapse all files

9
iac/base.nix
View file

@ -1,9 +0,0 @@
_: let
hostConfig = {HOSTCONFIG};
in {
arch = "{ARCHITECTURE}";
type = "NixOS";
modules = [
hostConfig
];
}

3
iac/device.go
View file

@ -78,6 +78,7 @@ func (d *Device) handle(ctx *pulumi.Context, zone *Zone, CAKey *tls.PrivateKey,
if err != nil {
return err
}
/*
if d.Hostname != "koishi" && d.Hostname != "tewi" {
return err
}
@ -88,7 +89,7 @@ func (d *Device) handle(ctx *pulumi.Context, zone *Zone, CAKey *tls.PrivateKey,
err = d.handleOSH(CAKey)
if err != nil {
return err
}
}*/
return err
}

4
iac/files.go
View file

@ -19,8 +19,8 @@ func CreatePulumiFile(ctx *pulumi.Context, name string, fqdn string, value pulum
Port: pulumi.Float64Ptr(float64(port)),
User: pulumi.String(user),
// TODO: note to self, write platform support code here. or just expect env var $SSH_AUTH_SOCK?
//AgentSocketPath: pulumi.String("/run/user/1000/gnupg/S.gpg-agent.ssh"), // linux
AgentSocketPath: pulumi.String("/Users/kat/.gnupg/S.gpg-agent.ssh"), // darwin
AgentSocketPath: pulumi.String("/run/user/1000/gnupg/S.gpg-agent.ssh"), // linux
//AgentSocketPath: pulumi.String("/Users/kat/.gnupg/S.gpg-agent.ssh"), // darwin
},
Triggers: pulumi.All(resources),
Create: pulumi.Sprintf("echo \"%s\" > \"/tmp/%s\" && sudo mkdir -p /var/lib/secrets && sudo install --owner=kat --group=users --mode=0600 \"/tmp/%s\" \"/var/lib/secrets/%s\"", value, name, name, name),

336
iac/hcloud.go
View file

@ -1,69 +1,81 @@
package iac
import (
"fmt"
"github.com/pulumi/pulumi-cloudflare/sdk/v4/go/cloudflare"
"github.com/pulumi/pulumi-cloudinit/sdk/go/cloudinit"
"github.com/pulumi/pulumi-hcloud/sdk/go/hcloud"
"github.com/pulumi/pulumi-tailscale/sdk/go/tailscale"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"strconv"
"fmt"
"github.com/pulumi/pulumi-cloudflare/sdk/v4/go/cloudflare"
"strconv"
"github.com/pulumi/pulumi-cloudinit/sdk/go/cloudinit"
"github.com/pulumi/pulumi-hcloud/sdk/go/hcloud"
"github.com/pulumi/pulumi-tailscale/sdk/go/tailscale"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
type Machine struct {
Hostname string
Network *hcloud.Network
NetworkSubnet *hcloud.NetworkSubnet
NetworkID pulumi.IntOutput
TailnetKey *tailscale.TailnetKey
CloudInit *cloudinit.Config
IPv4 *hcloud.PrimaryIp
IPv6 *hcloud.PrimaryIp
RDNSv4 *hcloud.Rdns
RDNSv6 *hcloud.Rdns
Server *hcloud.Server
Recordv4 DNSRecord
Recordv6 DNSRecord
Hostname string
Network *hcloud.Network
NetworkSubnet *hcloud.NetworkSubnet
NetworkID pulumi.IntOutput
TailnetKey *tailscale.TailnetKey
CloudInit *cloudinit.Config
IPv4 *hcloud.PrimaryIp
IPv6 *hcloud.PrimaryIp
RDNSv4 *hcloud.Rdns
RDNSv6 *hcloud.Rdns
Server *hcloud.Server
Recordv4 DNSRecord
Recordv6 DNSRecord
}
func IDToInt(id pulumi.IDOutput) (pulumi.IntOutput) {
var conversionCallback = func(val string) (int, error) {
return strconv.Atoi(val)
}
return id.ApplyT(conversionCallback).(pulumi.IntOutput);
}
// TODO: make the hcloud server process occur in a series of nested ApplyTs, to allow the conversion without actually causing issues in dependency resolution since the directionality flows from the network to the RDNS.
func (m *Machine) Handle(ctx *pulumi.Context, name string) (err error) {
m.Hostname = name
m.Hostname = name
m.Network, err = hcloud.NewNetwork(ctx, "network", &hcloud.NetworkArgs{
IpRange: pulumi.String("10.0.0.0/16"),
})
if err != nil {
return err
}
// when creating, comment out the rest of this file and deploy with this first, to create the network in the first place.
m.Network, err = hcloud.NewNetwork(ctx, "network", &hcloud.NetworkArgs{
IpRange: pulumi.String("10.0.0.0/16"),
})
if err != nil {
return err
}
m.NetworkID = m.Network.ID().ApplyT(func(content pulumi.ID) (content_ int, err error) {
return strconv.Atoi(string(content))
}).(pulumi.IntOutput)
m.NetworkID = IDToInt(m.Network.ID())
m.NetworkSubnet, err = hcloud.NewNetworkSubnet(ctx, "network-subnet", &hcloud.NetworkSubnetArgs{
NetworkId: m.NetworkID,
Type: pulumi.String("cloud"),
NetworkZone: pulumi.String("us-west"),
IpRange: pulumi.String("10.0.1.0/24"),
})
if err != nil {
return err
}
m.TailnetKey, err = tailscale.NewTailnetKey(ctx, "tailscaleKey", &tailscale.TailnetKeyArgs{
Ephemeral: pulumi.Bool(false),
Preauthorized: pulumi.Bool(true),
Reusable: pulumi.Bool(true),
})
if err != nil {
return err
}
m.NetworkSubnet, err = hcloud.NewNetworkSubnet(ctx, fmt.Sprintf("%s-primarySubnet", m.Hostname), &hcloud.NetworkSubnetArgs{
NetworkId: m.NetworkID,
Type: pulumi.String("cloud"),
NetworkZone: pulumi.String("us-west"),
IpRange: pulumi.String("10.0.1.0/24"),
}, pulumi.DependsOn([]pulumi.Resource{
m.Network,
}))
if err != nil {
return err
}
m.TailnetKey, err = tailscale.NewTailnetKey(ctx, fmt.Sprintf("%s-tailscaleKey", m.Hostname), &tailscale.TailnetKeyArgs{
Ephemeral: pulumi.Bool(false),
Preauthorized: pulumi.Bool(true),
Reusable: pulumi.Bool(true),
})
if err != nil {
return err
}
m.CloudInit, err = cloudinit.NewConfig(ctx, "ran", &cloudinit.ConfigArgs{
Gzip: pulumi.Bool(false),
Base64Encode: pulumi.Bool(false),
Parts: cloudinit.ConfigPartArray{
&cloudinit.ConfigPartArgs{
Content: pulumi.Sprintf(`#cloud-config
m.CloudInit, err = cloudinit.NewConfig(ctx, fmt.Sprintf("%s", m.Hostname), &cloudinit.ConfigArgs{
Gzip: pulumi.Bool(false),
Base64Encode: pulumi.Bool(false),
Parts: cloudinit.ConfigPartArray{
&cloudinit.ConfigPartArgs{
Content: pulumi.Sprintf(`#cloud-config
write_files:
- path: /etc/tailscale/authkey
permissions: '0600'
@ -72,8 +84,11 @@ write_files:
permissions: '0644'
content: |
{ pkgs, ... }:
{
let
katKeys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPsu3vNsvBb/G+wALpstD/DnoRZ3fipAs00jtl8rzDuv96RlS7AJr4aNvG6Pt2D9SYn2wVLaiw+76mz2gOycH9/N+VCvL4/0MN9uqj+7XIcxNRo0gHVOblmi2bOXcmGKh3eRwHj1xyDwRxo9WIuBEP2bPpDPz75OXRtEdlTgvky7siSguQxJu03cb0p9hNAYhUoohNXyWW2CjDCLUQVE1+QRVUzsKq3KkPy0cHYgmZC1gRSMQyKpMt72L5tayLz3Tp/zrshucc+QO5IJeZdqMxsNAcvALsysT1J5EqxZoYH9VpWLRhSgVD6Nvn853pycJAlXQxgOCpSD3/v/JbgUe5NE+ci0o7NMy5IiHUv2gQMRIEhwBHlRGwokUPL9upx0lsjaEiPya5xQqqDKRom87xytM778ANS5CuMdQMWg9qVbpHZUHMjA0QmNkjPgq71pUDXHk5L4mZuS8wVjyjnvlw68yIJuHEc8P7QiLcjvRHFS2L9Ck8NRmPDTQXlQi9kk6LmMyu6fdevR/kZL21b+xO1e2DMyxBbNDTot8luppiiL8adgUDMwptpIne7JCWB1o9NFCbXUVgwuCCYBif6pOGSc6bGo1JTAKMflRlcy6Mi3t5H0mR2lj/sCSTWwTlP5FM4aPIq08NvW6PeuK1bFJY9fIgTwVsUnbAKOhmsMt62w== cardno:12_078_454"];
in {
services.tailscale.enable = true;
users.users.root.openssh.authorizedKeys.keys = katKeys;
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
@ -97,116 +112,121 @@ runcmd:
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIXOS_IMPORT=./katdefaults.nix NIX_CHANNEL=nixos-unstable bash 2>&1 | tee /tmp/infect.log
- nixos-generate-config --dir ./
`, m.TailnetKey.Key),
ContentType: pulumi.String("text/x-shellscript"),
Filename: pulumi.String("nixos-infect"),
},
},
})
if err != nil {
return err
}
ContentType: pulumi.String("text/x-shellscript"),
Filename: pulumi.String("nixos-infect"),
},
},
})
if err != nil {
return err
}
m.IPv4, err = hcloud.NewPrimaryIp(ctx, "ran-v4", &hcloud.PrimaryIpArgs{
Datacenter: pulumi.String("hil-dc1"),
Type: pulumi.String("ipv4"),
AssigneeType: pulumi.String("server"),
AutoDelete: pulumi.Bool(true),
Labels: pulumi.Map{
"host": pulumi.Any("ran"),
},
})
if err != nil {
return err
}
m.IPv4, err = hcloud.NewPrimaryIp(ctx, fmt.Sprintf("%s-v4", m.Hostname), &hcloud.PrimaryIpArgs{
Datacenter: pulumi.String("hil-dc1"),
Type: pulumi.String("ipv4"),
AssigneeType: pulumi.String("server"),
AutoDelete: pulumi.Bool(true),
Labels: pulumi.Map{
"host": pulumi.Any("ran"),
},
}, pulumi.DependsOn([]pulumi.Resource{
m.Network,
m.NetworkSubnet,
}))
if err != nil {
return err
}
m.IPv6, err = hcloud.NewPrimaryIp(ctx, "ran-v6", &hcloud.PrimaryIpArgs{
Datacenter: pulumi.String("hil-dc1"),
Type: pulumi.String("ipv6"),
AssigneeType: pulumi.String("server"),
AutoDelete: pulumi.Bool(true),
Labels: pulumi.Map{
"host": pulumi.Any("ran"),
},
})
if err != nil {
return err
}
m.IPv6, err = hcloud.NewPrimaryIp(ctx, fmt.Sprintf("%s-v6", m.Hostname), &hcloud.PrimaryIpArgs{
Datacenter: pulumi.String("hil-dc1"),
Type: pulumi.String("ipv6"),
AssigneeType: pulumi.String("server"),
AutoDelete: pulumi.Bool(true),
Labels: pulumi.Map{
"host": pulumi.Any("ran"),
},
}, pulumi.DependsOn([]pulumi.Resource{
m.Network,
m.NetworkSubnet,
}))
if err != nil {
return err
}
m.Server, err = hcloud.NewServer(ctx, m.Hostname, &hcloud.ServerArgs{
Name: pulumi.String(m.Hostname),
ServerType: pulumi.String("cpx21"),
Image: pulumi.String("ubuntu-22.04"),
Datacenter: pulumi.String("hil-dc1"),
UserData: m.CloudInit.Rendered,
PublicNets: hcloud.ServerPublicNetArray{
&hcloud.ServerPublicNetArgs{
Ipv4Enabled: pulumi.Bool(true),
Ipv4: m.IPv4.ID().ApplyT(func(content pulumi.ID) (content_ int, err error) {
return strconv.Atoi(string(content))
}).(pulumi.IntOutput),
Ipv6Enabled: pulumi.Bool(true),
Ipv6: m.IPv6.ID().ApplyT(func(content pulumi.ID) (content_ int, err error) {
return strconv.Atoi(string(content))
}).(pulumi.IntOutput),
},
},
Networks: hcloud.ServerNetworkTypeArray{
&hcloud.ServerNetworkTypeArgs{
NetworkId: m.NetworkID,
Ip: pulumi.String("10.0.1.5"),
AliasIps: pulumi.StringArray{
pulumi.String("10.0.1.6"),
pulumi.String("10.0.1.7"),
},
},
},
}, pulumi.DependsOn([]pulumi.Resource{
m.NetworkSubnet,
}))
if err != nil {
return err
}
m.RDNSv4, err = hcloud.NewRdns(ctx, fmt.Sprintf("%s-v4", m.Hostname), &hcloud.RdnsArgs{
ServerId: m.Server.ID().ApplyT(func(content pulumi.ID) (content_ int, err error) {
return strconv.Atoi(string(content))
}).(pulumi.IntOutput),
IpAddress: m.Server.Ipv4Address,
DnsPtr: pulumi.String("ran.gensokyo.zone"),
})
m.RDNSv6, err = hcloud.NewRdns(ctx, fmt.Sprintf("%s-v6", m.Hostname), &hcloud.RdnsArgs{
ServerId: m.Server.ID().ApplyT(func(content pulumi.ID) (content_ int, err error) {
return strconv.Atoi(string(content))
}).(pulumi.IntOutput),
IpAddress: m.Server.Ipv6Address,
DnsPtr: pulumi.String("ran.gensokyo.zone"),
})
m.Server, err = hcloud.NewServer(ctx, m.Hostname, &hcloud.ServerArgs{
Name: pulumi.String(m.Hostname),
ServerType: pulumi.String("cpx21"),
Image: pulumi.String("67794396"),
Datacenter: pulumi.String("hil-dc1"),
UserData: m.CloudInit.Rendered,
PublicNets: hcloud.ServerPublicNetArray{
&hcloud.ServerPublicNetArgs{
Ipv4Enabled: pulumi.Bool(true),
Ipv4: IDToInt(m.IPv4.ID()),
Ipv6Enabled: pulumi.Bool(true),
Ipv6: IDToInt(m.IPv6.ID()),
},
},
Networks: hcloud.ServerNetworkTypeArray{
&hcloud.ServerNetworkTypeArgs{
NetworkId: m.NetworkID,
Ip: pulumi.String("10.0.1.5"),
AliasIps: pulumi.StringArray{
pulumi.String("10.0.1.6"),
pulumi.String("10.0.1.7"),
},
},
},
}, pulumi.IgnoreChanges([]string{"image"}), pulumi.DependsOn([]pulumi.Resource{
m.NetworkSubnet,
m.IPv4,
m.IPv6,
}))
if err != nil {
return err
}
m.RDNSv4, err = hcloud.NewRdns(ctx, fmt.Sprintf("%s-v4", m.Hostname), &hcloud.RdnsArgs{
ServerId: IDToInt(m.Server.ID()),
IpAddress: m.Server.Ipv4Address,
DnsPtr: pulumi.String(fmt.Sprintf("%s.gensokyo.zone", m.Hostname)),
}, pulumi.DependsOn([]pulumi.Resource{
m.Server,
}))
m.RDNSv6, err = hcloud.NewRdns(ctx, fmt.Sprintf("%s-v6", m.Hostname), &hcloud.RdnsArgs{
ServerId: IDToInt(m.Server.ID()),
IpAddress: m.Server.Ipv6Address,
DnsPtr: pulumi.String(fmt.Sprintf("%s.gensokyo.zone", m.Hostname)),
}, pulumi.DependsOn([]pulumi.Resource{
m.Server,
}))
zoneName := "gensokyo.zone"
zoneName := "gensokyo.zone"
gensokyo, err := cloudflare.LookupZone(ctx, &cloudflare.LookupZoneArgs{
Name: &zoneName,
})
if err != nil {
return err
}
gensokyo, err := cloudflare.LookupZone(ctx, &cloudflare.LookupZoneArgs{
Name: &zoneName,
})
if err != nil {
return err
}
m.Recordv4 = DNSRecord{
Higher: String,
Name: m.Hostname,
Kind: A,
RawValue: m.Server.Ipv4Address,
Ttl: 3600,
}
m.Recordv4.handleValue(ctx, gensokyo)
m.Recordv4 = DNSRecord{
Higher: String,
Name: m.Hostname,
Kind: A,
RawValue: m.Server.Ipv4Address,
Ttl: 3600,
}
m.Recordv4.handleValue(ctx, gensokyo)
m.Recordv6 = DNSRecord{
Higher: String,
Name: m.Hostname,
Kind: AAAA,
RawValue: m.Server.Ipv6Address,
Ttl: 3600,
}
m.Recordv6.handleValue(ctx, gensokyo)
m.Recordv6 = DNSRecord{
Higher: String,
Name: m.Hostname,
Kind: AAAA,
RawValue: m.Server.Ipv6Address,
Ttl: 3600,
}
m.Recordv6.handleValue(ctx, gensokyo)
return err
return err
}