Refactor terranix code to be more reusable and maintainable
Hopefully
parent
2f725ca3ea
commit
624508dd14
6 changed files with 337 additions and 115 deletions
|
@ -149,119 +149,76 @@ in
|
|||
config = inputs.terranix.lib.terranixConfiguration {
|
||||
system = pkgs.hostPlatform.system;
|
||||
modules = [
|
||||
{
|
||||
imports = [
|
||||
inputs.self.terranixModules.cloudflare
|
||||
inputs.terranix-hcloud.terranixModules.hcloud
|
||||
];
|
||||
|
||||
hcloud.enable = true;
|
||||
terraform.required_providers.hcloud.version = "~> 1.45.0";
|
||||
terraform.backend.s3 = {
|
||||
bucket = "bw-terraform";
|
||||
key = cfg.bucket.key;
|
||||
region = "auto";
|
||||
endpoints = {
|
||||
s3 = "https://477b394a6a545699445c40953e40f00b.r2.cloudflarestorage.com";
|
||||
};
|
||||
use_path_style = true;
|
||||
skip_credentials_validation = true;
|
||||
skip_region_validation = true;
|
||||
skip_metadata_api_check = true;
|
||||
skip_requesting_account_id = true;
|
||||
skip_s3_checksum = true;
|
||||
};
|
||||
|
||||
data.hcloud_ssh_key.khs = {
|
||||
name = "ca.kaareskovgaard.net";
|
||||
};
|
||||
|
||||
resource.hcloud_primary_ip.ipv4 = {
|
||||
inherit labels;
|
||||
name = "${fqdn} ipv4";
|
||||
datacenter = cfg.datacenter;
|
||||
type = "ipv4";
|
||||
assignee_type = "server";
|
||||
auto_delete = false;
|
||||
};
|
||||
resource.hcloud_primary_ip.ipv6 = {
|
||||
inherit labels;
|
||||
name = "${fqdn} ipv6";
|
||||
datacenter = cfg.datacenter;
|
||||
type = "ipv6";
|
||||
assignee_type = "server";
|
||||
auto_delete = false;
|
||||
};
|
||||
khscodes.cloudflare = {
|
||||
enable = true;
|
||||
dns = {
|
||||
enable = true;
|
||||
zone_name = tldFromFqdn fqdn;
|
||||
aRecords = [
|
||||
{
|
||||
inherit fqdn;
|
||||
content = "\${ hcloud_server.compute.ipv4_address }";
|
||||
}
|
||||
];
|
||||
aaaaRecords = [
|
||||
{
|
||||
inherit fqdn;
|
||||
content = "\${ hcloud_server.compute.ipv6_address }";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
resource.hcloud_firewall.fw = lib.mkIf firewallEnable {
|
||||
inherit labels;
|
||||
name = fqdn;
|
||||
apply_to = {
|
||||
server = "\${ hcloud_server.compute.id }";
|
||||
};
|
||||
rule = firewallRules;
|
||||
};
|
||||
resource.hcloud_server.compute = {
|
||||
inherit (cfg) server_type datacenter;
|
||||
inherit labels;
|
||||
name = fqdn;
|
||||
image = "debian-12";
|
||||
public_net = {
|
||||
ipv4_enabled = true;
|
||||
ipv4 = "\${ hcloud_primary_ip.ipv4.id }";
|
||||
ipv6_enabled = true;
|
||||
ipv6 = "\${ hcloud_primary_ip.ipv6.id }";
|
||||
};
|
||||
ssh_keys = [ "\${ data.hcloud_ssh_key.khs.id }" ];
|
||||
lifecycle = {
|
||||
ignore_changes = [
|
||||
"ssh_keys"
|
||||
"public_net"
|
||||
"image"
|
||||
];
|
||||
};
|
||||
};
|
||||
output.ipv4_address = {
|
||||
value = "\${ hcloud_server.compute.ipv4_address }";
|
||||
sensitive = false;
|
||||
};
|
||||
|
||||
output.ipv6_address = {
|
||||
value = "\${ hcloud_server.compute.ipv6_address }";
|
||||
sensitive = false;
|
||||
};
|
||||
}
|
||||
(
|
||||
{ lib, ... }:
|
||||
{ config, ... }:
|
||||
{
|
||||
config = lib.mkIf mapRdns {
|
||||
resource.hcloud_rdns.ipv4 = {
|
||||
primary_ip_id = "\${ hcloud_primary_ip.ipv4.id }";
|
||||
ip_address = "\${ hcloud_server.compute.ipv4_address }";
|
||||
dns_ptr = fqdn;
|
||||
imports = [
|
||||
inputs.self.terranixModules.cloudflare
|
||||
inputs.self.terranixModules.hcloud
|
||||
];
|
||||
config = {
|
||||
terraform.backend.s3 = {
|
||||
bucket = "bw-terraform";
|
||||
key = cfg.bucket.key;
|
||||
region = "auto";
|
||||
endpoints = {
|
||||
s3 = "https://477b394a6a545699445c40953e40f00b.r2.cloudflarestorage.com";
|
||||
};
|
||||
use_path_style = true;
|
||||
skip_credentials_validation = true;
|
||||
skip_region_validation = true;
|
||||
skip_metadata_api_check = true;
|
||||
skip_requesting_account_id = true;
|
||||
skip_s3_checksum = true;
|
||||
};
|
||||
resource.hcloud_rdns.ipv6 = {
|
||||
primary_ip_id = "\${ hcloud_primary_ip.ipv6.id }";
|
||||
ip_address = "\${ hcloud_server.compute.ipv6_address }";
|
||||
dns_ptr = fqdn;
|
||||
|
||||
khscodes.hcloud.data.ssh_key.khs = {
|
||||
name = "ca.kaareskovgaard.net";
|
||||
};
|
||||
khscodes.hcloud.enable = true;
|
||||
khscodes.hcloud.server.compute = {
|
||||
inherit (cfg) server_type datacenter;
|
||||
inherit labels;
|
||||
name = fqdn;
|
||||
initial_image = "debian-12";
|
||||
rdns = fqdn;
|
||||
ssh_keys = [ config.khscodes.hcloud.output.data.ssh_key.khs.id ];
|
||||
};
|
||||
khscodes.cloudflare = {
|
||||
enable = true;
|
||||
dns = {
|
||||
enable = true;
|
||||
zone_name = tldFromFqdn fqdn;
|
||||
aRecords = [
|
||||
{
|
||||
inherit fqdn;
|
||||
content = config.khscodes.hcloud.output.server.compute.ipv4_address;
|
||||
}
|
||||
];
|
||||
aaaaRecords = [
|
||||
{
|
||||
inherit fqdn;
|
||||
content = config.khscodes.hcloud.output.server.compute.ipv6_address;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
resource.hcloud_firewall.fw = lib.mkIf firewallEnable {
|
||||
inherit labels;
|
||||
name = fqdn;
|
||||
apply_to = {
|
||||
server = config.khscodes.hcloud.output.server.compute.id;
|
||||
};
|
||||
rule = firewallRules;
|
||||
};
|
||||
output.ipv4_address = {
|
||||
value = config.khscodes.hcloud.output.server.compute.ipv4_address;
|
||||
sensitive = false;
|
||||
};
|
||||
|
||||
output.ipv6_address = {
|
||||
value = config.khscodes.hcloud.output.server.compute.ipv6_address;
|
||||
sensitive = false;
|
||||
};
|
||||
};
|
||||
}
|
||||
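Review bot: `rdns = fqdn;` in `khscodes.hcloud.server.compute` is set unconditionally, whereas the inline code it appears to replace only created the `hcloud_rdns` records under `lib.mkIf mapRdns`; if `mapRdns` is still an option here, hosts that had it off would now get a PTR record for their FQDN. Consider keeping the gate at the call site, e.g. `rdns = lib.mkIf mapRdns fqdn;` (or a `null` value if the option is nullable; its type is not visible on this page). The new call site also no longer shows `lifecycle.ignore_changes = [ "ssh_keys" "public_net" "image" ]` or the primary IPs with `auto_delete = false`. These presumably moved into `inputs.self.terranixModules.hcloud`, which is not shown, so confirm with a plan against an existing host that nothing is scheduled for replacement, since losing them could let an apply recreate the server or release its addresses. The old/new side of each line is inferred from the rendered page, and the `modules` list and the `terranixConfiguration` call close outside the hunk.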