add terraform examples
This commit is contained in:
parent
6ab330d99e
commit
535c3ee272
6
terraform/.terraform-docs.yml
Normal file
6
terraform/.terraform-docs.yml
Normal file
@ -0,0 +1,6 @@
|
||||
output:
|
||||
mode: inject
|
||||
template: |-
|
||||
<!-- BEGIN_TF_DOCS -->
|
||||
{{ .Content }}
|
||||
<!-- END_TF_DOCS -->
|
@ -1,3 +1,75 @@
|
||||
# All-in-one
|
||||
|
||||
## Example
|
||||
|
||||
```hcl
|
||||
locals {
|
||||
ipv4 = "192.0.2.1"
|
||||
}
|
||||
|
||||
module "deploy" {
|
||||
source = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
|
||||
# with flakes
|
||||
nixos_system_attr = ".#nixosConfigurations.mymachine.config.system.build.toplevel"
|
||||
nixos_partitioner_attr = ".#nixosConfigurations.mymachine.config.system.build.diskoScript"
|
||||
# without flakes
|
||||
# file can use (pkgs.nixos []) function from nixpkgs
|
||||
#file = "${path.module}/../.."
|
||||
#nixos_system_attr = "config.system.build.toplevel"
|
||||
#nixos_partitioner_attr = "config.system.build.diskoScript"
|
||||
|
||||
target_host = local.ipv4
|
||||
# when instance id changes, it will trigger a reinstall
|
||||
instance_id = local.ipv4
|
||||
# useful if something goes wrong
|
||||
# debug_logging = true
|
||||
# script is below
|
||||
extra_files_script = "${path.module}/decrypt-ssh-secrets.sh"
|
||||
disk_encryption_key_scripts = [{
|
||||
path = "/tmp/secret.key"
|
||||
# script is below
|
||||
script = "${path.module}/decrypt-zfs-key.sh"
|
||||
}]
|
||||
}
|
||||
```
|
||||
|
||||
### ./decrypt-ssh-secrets.sh
|
||||
|
||||
```
|
||||
#!/usr/bin/env bash
|
||||
|
||||
mkdir -p etc/ssh var/lib/secrets
|
||||
|
||||
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
||||
|
||||
umask 0177
|
||||
sops --extract '["initrd_ssh_key"]' -d "$SCRIPT_DIR/secrets.yaml" >./var/lib/secrets/initrd_ssh_key
|
||||
|
||||
# restore umask
|
||||
umask 0022
|
||||
|
||||
for keyname in ssh_host_rsa_key ssh_host_rsa_key.pub ssh_host_ed25519_key ssh_host_ed25519_key.pub; do
|
||||
if [[ $keyname == *.pub ]]; then
|
||||
umask 0133
|
||||
else
|
||||
umask 0177
|
||||
fi
|
||||
sops --extract '["'$keyname'"]' -d "$SCRIPT_DIR/secrets.yaml" >"./etc/ssh/$keyname"
|
||||
done
|
||||
```
|
||||
|
||||
### ./decrypt-zfs-key.sh
|
||||
|
||||
```
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
||||
cd "$SCRIPT_DIR"
|
||||
sops --extract '["zfs-key"]' -d "$SCRIPT_DIR/secrets.yaml" >"./etc/ssh/$keyname"
|
||||
```
|
||||
|
||||
<!-- BEGIN_TF_DOCS -->
|
||||
|
||||
## Requirements
|
||||
|
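Review bot: In the `decrypt-zfs-key.sh` example the redirection `>"./etc/ssh/$keyname"` uses `$keyname`, which that script never sets, so with `set -euo pipefail` it aborts on an unbound variable before any key is decrypted; it reads like a leftover from the host-key loop in the script above it. Presumably the decrypted key is meant to go to stdout or to the `/tmp/secret.key` path configured in `disk_encryption_key_scripts` — whichever the module's contract is — and the `./etc/ssh/` target should go with it. `decrypt-ssh-secrets.sh` has the opposite gap: it has no `set -euo pipefail`, so a failing `sops` call leaves a truncated or empty host key under `etc/ssh/` while the loop carries on, and `'["'$keyname'"]'` leaves the expansion unquoted; `set -euo pipefail` after the shebang and `"[\"$keyname\"]"` address both. These snippets are not executed by the repository itself, but they are what users will copy.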
@ -1,3 +1,40 @@
|
||||
# Install
|
||||
|
||||
## Example
|
||||
|
||||
```hcl
|
||||
locals {
|
||||
ipv4 = "192.0.2.1"
|
||||
}
|
||||
|
||||
module "system-build" {
|
||||
source = "github.com/numtide/nixos-anywhere//terraform/nix-build"
|
||||
# with flakes
|
||||
attribute = ".#nixosConfigurations.mymachine.config.system.build.toplevel"
|
||||
# without flakes
|
||||
# file can use (pkgs.nixos []) function from nixpkgs
|
||||
#file = "${path.module}/../.."
|
||||
#attribute = "config.system.build.toplevel"
|
||||
}
|
||||
|
||||
module "disko" {
|
||||
source = "github.com/numtide/nixos-anywhere//terraform/nix-build"
|
||||
# with flakes
|
||||
attribute = ".#nixosConfigurations.mymachine.config.system.build.diskoScript"
|
||||
# without flakes
|
||||
# file can use (pkgs.nixos []) function from nixpkgs
|
||||
#file = "${path.module}/../.."
|
||||
#attribute = "config.system.build.diskoScript"
|
||||
}
|
||||
|
||||
module "install" {
|
||||
source = "github.com/numtide/nixos-anywhere//terraform/install"
|
||||
nixos_system = module.system-build.result.out
|
||||
nixos_partitioner = module.disko.result.out
|
||||
target_host = local.ipv4
|
||||
}
|
||||
```
|
||||
|
||||
<!-- BEGIN_TF_DOCS -->
|
||||
|
||||
## Requirements
|
||||
@ -12,7 +49,7 @@ No requirements.
|
||||
|
||||
## Modules
|
||||
|
||||
No modules.
|
||||
No modules..../joerg/.data/nvim/lazy/
|
||||
|
||||
## Resources
|
||||
|
||||
|
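Review bot: The changed line in the second hunk, `No modules..../joerg/.data/nvim/lazy/`, carries what looks like a stray editor path pasted onto the generated `No modules.` line; if that is the new side of the diff it should be reverted to `No modules.` before merging. Since the text sits inside the terraform-docs inject region, re-running the docs update script would also regenerate it cleanly.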
@ -1,4 +1,8 @@
|
||||
<!-- BEGIN_TF_DOCS -->
|
||||
# Nix-build
|
||||
|
||||
## Example
|
||||
|
||||
- See [install](install.md) or [nixos-rebuild](nixos-rebuild.md)
|
||||
|
||||
## Requirements
|
||||
|
||||
|
@ -1,3 +1,29 @@
|
||||
# Nixos-rebuild
|
||||
|
||||
## Example
|
||||
|
||||
```hcl
|
||||
locals {
|
||||
ipv4 = "192.0.2.1"
|
||||
}
|
||||
|
||||
module "system-build" {
|
||||
source = "github.com/numtide/nixos-anywhere//terraform/nix-build"
|
||||
# with flakes
|
||||
attribute = ".#nixosConfigurations.mymachine.config.system.build.toplevel"
|
||||
# without flakes
|
||||
# file can use (pkgs.nixos []) function from nixpkgs
|
||||
#file = "${path.module}/../.."
|
||||
#attribute = "config.system.build.toplevel"
|
||||
}
|
||||
|
||||
module "deploy" {
|
||||
source = "github.com/numtide/nixos-anywhere//terraform/nixos-rebuild"
|
||||
nixos_system = module.system-build.result.out
|
||||
target_host = local.ipv4
|
||||
}
|
||||
```
|
||||
|
||||
<!-- BEGIN_TF_DOCS -->
|
||||
|
||||
## Requirements
|
||||
|
@ -6,7 +6,7 @@ files=()
|
||||
find "${SCRIPT_DIR}"/* -type d | while read -r i; do
|
||||
module_name=$(basename "$i")
|
||||
markdown_file="${SCRIPT_DIR}/${module_name}.md"
|
||||
terraform-docs markdown table --output-file "${markdown_file}" --output-mode inject "${module_name}"
|
||||
terraform-docs --config "${SCRIPT_DIR}/.terraform-docs.yml" markdown table --output-file "${markdown_file}" --output-mode inject "${module_name}"
|
||||
files+=("${markdown_file}")
|
||||
done
|
||||
nix fmt -- "${files[@]}"
|
||||
|
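Review bot: The new `terraform-docs` invocation runs inside `find … | while read -r i; do … done`, so the `files+=("${markdown_file}")` append on the line after it happens in a pipeline subshell and is lost; unless `shopt -s lastpipe` is set earlier in the script (the start of the script is outside the hunk), the closing `nix fmt -- "${files[@]}"` formats nothing. Feeding the loop from process substitution keeps the array in the current shell: `while read -r i; do` … `done < <(find "${SCRIPT_DIR}"/* -type d)`. Separately, `find "${SCRIPT_DIR}"/* -type d` recurses, so any nested directory (for example a `.terraform` cache, if one exists) would be handed to `terraform-docs` by its basename as if it were a module; `find "${SCRIPT_DIR}"/* -maxdepth 0 -type d` limits it to the top-level module directories.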