refactor: get rid of config folder
This commit is contained in:
parent
2606e1d874
commit
cb3ae5f434
254 changed files with 79 additions and 101 deletions
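--- a/targets/home.nix
+++ b/targets/home.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }: with lib;
+
+{
+deploy.targets.home = {
+tf = { config, ... }: {
+imports = optional (builtins.pathExists ../trusted/mail.nix) ../trusted/mail.nix;
+
+dns.records.ygg_grimoire = {
+zone = "kittywit.ch.";
+domain = "grimoire.ygg";
+aaaa.address = "200:c87d:7960:916:bf0e:a0e1:3da7:4fc6";
+};
+
+dns.records.ygg_boline = {
+zone = "kittywit.ch.";
+domain = "boline.ygg";
+aaaa.address = "200:474d:14f7:1d21:f171:4e85:a3fa:9393";
+};
+};
+};
+}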
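Review bot: The `optional (builtins.pathExists ../trusted/mail.nix)` guard on `imports` turns a stale relative path into a silent no-op: with the `config/` folder removed, `../trusted/mail.nix` now resolves relative to `targets/` instead of `config/targets/`, and if `trusted/` was not moved alongside it (not visible in this section) the mail records simply stop being deployed without any error. Consider surfacing that case, e.g. `imports = warnIf (!builtins.pathExists ../trusted/mail.nix) "targets/home.nix: ../trusted/mail.nix not found, mail DNS records skipped" (optional (builtins.pathExists ../trusted/mail.nix) ../trusted/mail.nix);`. A one-line comment explaining why the import is optional (presumably a file kept out of the public repository) would also help the next reader.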
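--- a/targets/oci-root.nix
+++ b/targets/oci-root.nix
@@ -0,0 +1,194 @@
+{ config, lib, ... }: with lib; {
+deploy.targets.oci-root = {
+tf =
+let
+meta = config;
+in
+{ config, ... }:
+let
+inherit (config.lib.tf) terraformExpr;
+res = config.resources;
+var = config.variables;
+out = config.outputs;
+in
+{
+variables =
+let
+apivar = {
+type = "string";
+sensitive = true;
+};
+in
+mkMerge [
+(genAttrs (map (value: "oci_root_${value}") [ "region" "tenancy" "user" "fingerprint" ]) (attr: {
+value.shellCommand = "bitw get services/host/oracleapi -f ${head (reverseList (splitString "_" attr))}";
+type = "string";
+}))
+{ "oci_root_privkey" = {
+value.shellCommand = "bitw get services/host/oracleapi";
+type = "string";
+sensitive = true;
+}; }
+];
+
+providers.oci-root = {
+type = "oci";
+inputs = with config.variables; {
+tenancy_ocid = oci_root_tenancy.ref;
+user_ocid = oci_root_user.ref;
+private_key = oci_root_privkey.ref;
+fingerprint = oci_root_fingerprint.ref;
+region = oci_root_region.ref;
+};
+};
+
+resources = {
+oci_kw_compartment = {
+provider = "oci.oci-root";
+type = "identity_compartment";
+inputs = {
+name = "kw";
+description = "kw";
+compartment_id = var.oci_root_tenancy.ref;
+enable_delete = true;
+};
+};
+oci_kw_user = {
+provider = "oci.oci-root";
+type = "identity_user";
+inputs = {
+name = "kw";
+description = "kw";
+compartment_id = var.oci_root_tenancy.ref;
+};
+};
+oci_kw_group = {
+provider = "oci.oci-root";
+type = "identity_group";
+inputs = {
+name = "kw";
+description = "kw";
+compartment_id = var.oci_root_tenancy.ref;
+};
+};
+oci_kw_usergroup = {
+provider = "oci.oci-root";
+type = "identity_user_group_membership";
+inputs = {
+group_id = res.oci_kw_group.refAttr "id";
+user_id = res.oci_kw_user.refAttr "id";
+};
+};
+oci_kw_key = {
+provider = "tls";
+type = "private_key";
+inputs = {
+algorithm = "RSA";
+rsa_bits = 2048;
+};
+};
+oci_kw_key_file = {
+provider = "local";
+type = "file";
+inputs = {
+sensitive_content = res.oci_kw_key.refAttr "private_key_pem";
+filename = toString (config.terraform.dataDir + "/oci_kw_key");
+file_permission = "0600";
+};
+};
+oci_kw_apikey = {
+provider = "oci.oci-root";
+type = "identity_api_key";
+inputs = {
+key_value = res.oci_kw_key.refAttr "public_key_pem";
+user_id = res.oci_kw_user.refAttr "id";
+};
+};
+oci_kw_policy = {
+provider = "oci.oci-root";
+type = "identity_policy";
+inputs = {
+name = "kw-admin";
+description = "kw admin";
+compartment_id = var.oci_root_tenancy.ref;
+statements = [
+"Allow group ${res.oci_kw_group.refAttr "name"} to manage all-resources in compartment id ${res.oci_kw_compartment.refAttr "id"}"
+"Allow group ${res.oci_kw_group.refAttr "name"} to read virtual-network-family in compartment id ${var.oci_root_tenancy.ref}"
+''
+Allow group ${res.oci_kw_group.refAttr "name"} to manage vcns in compartment id ${var.oci_root_tenancy.ref} where ALL {
+ANY { request.operation = 'CreateNetworkSecurityGroup', request.operation = 'DeleteNetworkSecurityGroup' }
+}
+''
+];
+};
+};
+oci_vcn = {
+provider = "oci.oci-root";
+type = "core_vcn";
+inputs = {
+display_name = "net";
+compartment_id = var.oci_root_tenancy.ref;
+cidr_blocks = [
+"10.69.0.0/16"
+];
+is_ipv6enabled = true;
+};
+};
+oci_internet = {
+provider = "oci.oci-root";
+type = "core_internet_gateway";
+inputs = {
+display_name = "net internet";
+compartment_id = var.oci_root_tenancy.ref;
+vcn_id = res.oci_vcn.refAttr "id";
+};
+};
+oci_routes = {
+provider = "oci.oci-root";
+type = "core_route_table";
+inputs = {
+display_name = "net routes";
+route_rules = [
+{
+description = "internet v4";
+destination_type = "CIDR_BLOCK";
+destination = "0.0.0.0/0";
+network_entity_id = res.oci_internet.refAttr "id";
+}
+{
+description = "internet v6";
+destination_type = "CIDR_BLOCK";
+destination = "::/0";
+network_entity_id = res.oci_internet.refAttr "id";
+}
+];
+compartment_id = var.oci_root_tenancy.ref;
+vcn_id = res.oci_vcn.refAttr "id";
+};
+};
+oci_kw_subnet = {
+provider = "oci.oci-root";
+type = "core_subnet";
+inputs = {
+display_name = "kw";
+cidr_block = terraformExpr "cidrsubnet(${res.oci_vcn.namedRef}.cidr_blocks[0], 8, 8)"; # /24
+ipv6cidr_block = terraformExpr "cidrsubnet(${res.oci_vcn.namedRef}.ipv6cidr_blocks[0], 8, 0)"; # from a /56 block to /64
+compartment_id = res.oci_kw_compartment.refAttr "id";
+vcn_id = res.oci_vcn.refAttr "id";
+route_table_id = res.oci_routes.refAttr "id";
+};
+};
+};
+outputs = {
+oci_region = {
+value = var.oci_root_region.ref;
+sensitive = true;
+};
+oci_tenancy = {
+value = var.oci_root_tenancy.ref;
+sensitive = true;
+};
+};
+};
+};
+}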
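Review bot: `apivar` (the `{ type = "string"; sensitive = true; }` binding in the `variables` let) is never used, so the `genAttrs` entries for `oci_root_region`/`tenancy`/`user`/`fingerprint` fall back to a plain `type = "string"` and are not marked sensitive, even though the `oci_region` and `oci_tenancy` outputs that echo two of them are; `(attr: apivar // { value.shellCommand = "bitw get services/host/oracleapi -f ${head (reverseList (splitString "_" attr))}"; })` would apply it, and the `oci_root_privkey` entry can reuse it the same way. `meta` and `out` in the surrounding `let` blocks are likewise unused. `oci_kw_key_file` also writes the generated private key in plaintext under `terraform.dataDir`; a comment stating that the key material is in Terraform state regardless, so the state backend needs the same protection as that file, would help, and newer releases of the `local` provider offer a `local_sensitive_file` resource for this purpose (worth checking against the pinned provider version).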
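--- a/targets/rinnosuke-domains.nix
+++ b/targets/rinnosuke-domains.nix
@@ -0,0 +1,24 @@
+{ config, ... }:
+
+let rinnosuke = config.network.nodes.nixos.rinnosuke; in
+{
+deploy.targets.rinnosuke-domains.tf = {
+dns.records = {
+node_public_rinnosuke_v4 = {
+inherit (rinnosuke.network.dns) zone;
+domain = rinnosuke.networking.hostName;
+a.address = rinnosuke.network.addresses.public.tf.ipv4.address;
+};
+node_public_rinnosuke_v6 = {
+inherit (rinnosuke.network.dns) zone;
+domain = rinnosuke.networking.hostName;
+aaaa.address = rinnosuke.network.addresses.public.tf.ipv6.address;
+};
+node_wireguard_rinnosuke_v4 = {
+inherit (rinnosuke.network.dns) zone;
+domain = rinnosuke.network.addresses.wireguard.subdomain;
+a.address = rinnosuke.network.addresses.wireguard.tf.ipv4.address;
+};
+};
+};
+}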
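Review bot: `node_wireguard_rinnosuke_v4` publishes the node's WireGuard tunnel address in the same zone as its public records, and nothing in the file says whether exposing that address in public DNS is intended or what range it lives in (it comes from `rinnosuke.network.addresses.wireguard.tf`, which is not visible here). A short comment on that record, e.g. `# tunnel address is published so peers can resolve it; not reachable from the internet (confirm)`, would make the exposure decision explicit for the next reader. A one-line header describing what the three records are for would round the file out.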