Initial commit

Benjamin Bädorf 2023-07-30 16:50:11 +02:00
commit 61fb32d92d
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
5 changed files with 555 additions and 0 deletions

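--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.tf.json
+/tags.*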
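Review bot: `*.tf.json` covers the generated `config.tf.json`, but nothing ignores what the `terraform init`/`apply` scripts in terraform.nix write next to it in the working directory — `.terraform/` (downloaded providers) and `terraform.tfstate` with its `.backup` — and no remote backend is visible in this commit, so the full Namecheap record set and any provider credentials held in the state could be committed by accident. Add `.terraform/` and `terraform.tfstate*` here. Do not ignore `.terraform.lock.hcl`, though: committing it pins the provider hashes so that `init` on another machine cannot silently pull a different provider build. The purpose of `/tags.*` is not obvious from the commit; a one-line comment above it would help the next reader.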

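--- a/dns.nix
+++ b/dns.nix
@@ -0,0 +1,157 @@
+{ ... }:
+{
+# https://registry.terraform.io/providers/namecheap/namecheap/latest/docs
+resource."namecheap_domain_records"."pub-solar" = {
+domain = "pub.solar";
+mode = "OVERWRITE";
+email_type = "MX";
+record = [
+{
+hostname = "flora-6";
+type = "CNAME";
+address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
+}
+{
+hostname = "auth";
+type = "CNAME";
+address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
+}
+{
+hostname = "ci";
+type = "CNAME";
+address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
+}
+{
+hostname = "git";
+type = "CNAME";
+address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
+}
+{
+hostname = "stream";
+type = "CNAME";
+address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
+}
+{
+hostname = "list";
+type = "A";
+address = "80.71.153.210";
+}
+{
+hostname = "obs-portal";
+type = "CNAME";
+address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
+}
+{
+hostname = "vpn";
+type = "CNAME";
+address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
+}
+{
+hostname = "cache";
+type = "A";
+address = "95.217.225.160";
+}
+{
+hostname = "factorio";
+type = "A";
+address = "80.244.242.2";
+}
+{
+hostname = "collabora";
+type = "A";
+address = "95.217.225.160";
+}
+{
+hostname = "@";
+type = "ALIAS";
+address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
+ttl = 300;
+}
+{
+hostname = "chat";
+type = "CNAME";
+address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
+}
+{
+hostname = "cloud";
+type = "CNAME";
+address = "nc-web.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
+}
+{
+hostname = "coturn";
+type = "CNAME";
+address = "nc-hpb.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
+}
+{
+hostname = "hpb";
+type = "CNAME";
+address = "nc-hpb.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
+}
+{
+hostname = "dimension";
+type = "CNAME";
+address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
+}
+{
+hostname = "element";
+type = "CNAME";
+address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
+}
+{
+hostname = "files";
+type = "CNAME";
+address = "mastodon-proxy.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
+}
+{
+hostname = "mastodon";
+type = "CNAME";
+address = "mastodon-proxy.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
+}
+{
+hostname = "matrix";
+type = "CNAME";
+address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
+}
+{
+hostname = "www";
+type = "CNAME";
+address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
+}
+{
+hostname = "@";
+type = "TXT";
+address = "v=spf1 include:spf.greenbaum.cloud a:list.pub.solar ~all";
+}
+{
+hostname = "list";
+type = "TXT";
+address = "v=spf1 a:list.pub.solar ?all";
+}
+{
+hostname = "_dmarc";
+type = "TXT";
+address = "v=DMARC1; p=reject;";
+}
+{
+hostname = "_dmarc.list";
+type = "TXT";
+address = "v=DMARC1; p=reject;";
+}
+{
+hostname = "@";
+type = "MX";
+address = "mx2.greenbaum.cloud.";
+mx_pref = "0";
+}
+{
+hostname = "list";
+type = "MX";
+address = "list.pub.solar";
+mx_pref = "0";
+}
+# SRV records can only be changed via NameCheap Web UI
+# add comment
+];
+};
+}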
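Review bot: Both `_dmarc` and `_dmarc.list` publish `v=DMARC1; p=reject;` with no `rua=` tag, so nobody receives aggregate reports and a sender that stops aligning (a new mailing-list host, a changed `include:` upstream) is only noticed once mail bounces; `v=DMARC1; p=reject; rua=mailto:<dmarc-report-mailbox>;` with the real mailbox filled in gives that visibility. The `list` SPF record ends in `?all` (neutral) while the apex uses `~all`, which gives receivers no signal about unauthorised senders for the list host — unless the difference is deliberate, `~all` or `-all` there is consistent. With `mode = "OVERWRITE"` and the comment that SRV records are managed only in the web UI, it is worth confirming against the provider docs linked at the top of the file whether an apply replaces the entire record set, since that would remove those SRV records. The MX addresses are inconsistent about the trailing dot (`mx2.greenbaum.cloud.` vs `list.pub.solar`); pick one form so the provider cannot interpret the second as relative. The placeholder `# add comment` looks like a leftover and should be removed or replaced by the note it was meant to hold.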

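--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,223 @@
+{
+"nodes": {
+"bats-assert": {
+"flake": false,
+"locked": {
+"lastModified": 1636059754,
+"narHash": "sha256-ewME0l27ZqfmAwJO4h5biTALc9bDLv7Bl3ftBzBuZwk=",
+"owner": "bats-core",
+"repo": "bats-assert",
+"rev": "34551b1d7f8c7b677c1a66fc0ac140d6223409e5",
+"type": "github"
+},
+"original": {
+"owner": "bats-core",
+"repo": "bats-assert",
+"type": "github"
+}
+},
+"bats-support": {
+"flake": false,
+"locked": {
+"lastModified": 1548869839,
+"narHash": "sha256-Gr4ntadr42F2Ks8Pte2D4wNDbijhujuoJi4OPZnTAZU=",
+"owner": "bats-core",
+"repo": "bats-support",
+"rev": "d140a65044b2d6810381935ae7f0c94c7023c8c3",
+"type": "github"
+},
+"original": {
+"owner": "bats-core",
+"repo": "bats-support",
+"type": "github"
+}
+},
+"flake-parts": {
+"inputs": {
+"nixpkgs-lib": "nixpkgs-lib"
+},
+"locked": {
+"lastModified": 1688466019,
+"narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=",
+"owner": "hercules-ci",
+"repo": "flake-parts",
+"rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec",
+"type": "github"
+},
+"original": {
+"owner": "hercules-ci",
+"repo": "flake-parts",
+"type": "github"
+}
+},
+"flake-utils": {
+"locked": {
+"lastModified": 1634851050,
+"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "c91f3de5adaf1de973b797ef7485e441a65b8935",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+},
+"home-manager": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1690652600,
+"narHash": "sha256-Dy09g7mezToVwtFPyY25fAx1hzqNXv73/QmY5/qyR44=",
+"owner": "nix-community",
+"repo": "home-manager",
+"rev": "f58889c07efa8e1328fdf93dc1796ec2a5c47f38",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "home-manager",
+"type": "github"
+}
+},
+"nix-darwin": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1690431538,
+"narHash": "sha256-Uml8ivMMOFPB9fNSDcw72imGHRdJpaK12sRm2DTLLe8=",
+"owner": "lnl7",
+"repo": "nix-darwin",
+"rev": "16c07487ac9bc59f58b121d13160c67befa3342e",
+"type": "github"
+},
+"original": {
+"owner": "lnl7",
+"ref": "master",
+"repo": "nix-darwin",
+"type": "github"
+}
+},
+"nixos-flake": {
+"locked": {
+"lastModified": 1690424850,
+"narHash": "sha256-pPELqUXbNdZ7nMLPL8A+BSyUsxjxMO3q2Wb7plW/Wf8=",
+"owner": "srid",
+"repo": "nixos-flake",
+"rev": "df6fe273ff64dc29de2c93805045b5348d70bc26",
+"type": "github"
+},
+"original": {
+"owner": "srid",
+"repo": "nixos-flake",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1690548937,
+"narHash": "sha256-x3ZOPGLvtC0/+iFAg9Kvqm/8hTAIkGjc634SqtgaXTA=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "2a9d660ff0f7ffde9d73be328ee6e6f10ef66b28",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs-lib": {
+"locked": {
+"dir": "lib",
+"lastModified": 1688049487,
+"narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9",
+"type": "github"
+},
+"original": {
+"dir": "lib",
+"owner": "NixOS",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs_2": {
+"locked": {
+"lastModified": 1636823747,
+"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "f6a2ed2082d9a51668c86ba27d0b5496f7a2ea93",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"flake-parts": "flake-parts",
+"home-manager": "home-manager",
+"nix-darwin": "nix-darwin",
+"nixos-flake": "nixos-flake",
+"nixpkgs": "nixpkgs",
+"terranix": "terranix"
+}
+},
+"terranix": {
+"inputs": {
+"bats-assert": "bats-assert",
+"bats-support": "bats-support",
+"flake-utils": "flake-utils",
+"nixpkgs": "nixpkgs_2",
+"terranix-examples": "terranix-examples"
+},
+"locked": {
+"lastModified": 1684906298,
+"narHash": "sha256-pNuJxmVMGbBHw7pa+Bx0HY0orXIXoyyAXOKuQ1zpfus=",
+"owner": "terranix",
+"repo": "terranix",
+"rev": "c0dd15076856c6cb425795b8c7d5d37d3a1e922a",
+"type": "github"
+},
+"original": {
+"owner": "terranix",
+"repo": "terranix",
+"type": "github"
+}
+},
+"terranix-examples": {
+"locked": {
+"lastModified": 1636300201,
+"narHash": "sha256-0n1je1WpiR6XfCsvi8ZK7GrpEnMl+DpwhWaO1949Vbc=",
+"owner": "terranix",
+"repo": "terranix-examples",
+"rev": "a934aa1cf88f6bd6c6ddb4c77b77ec6e1660bd5e",
+"type": "github"
+},
+"original": {
+"owner": "terranix",
+"repo": "terranix-examples",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}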

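--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,116 @@
+{
+inputs = {
+# Principle inputs (updated by `nix run .#update`)
+nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+nix-darwin.url = "github:lnl7/nix-darwin/master";
+nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
+home-manager.url = "github:nix-community/home-manager";
+home-manager.inputs.nixpkgs.follows = "nixpkgs";
+flake-parts.url = "github:hercules-ci/flake-parts";
+nixos-flake.url = "github:srid/nixos-flake";
+terranix.url = "github:terranix/terranix";
+};
+outputs = inputs@{ self, terranix, ... }:
+inputs.flake-parts.lib.mkFlake { inherit inputs; } {
+systems = [ "x86_64-linux" "aarch64-darwin" "x86_64-darwin" ];
+imports = [
+inputs.nixos-flake.flakeModule
+./terraform.nix
+];
+perSystem = { config, ... }: { };
+flake =
+let
+# TODO: Change username
+myUserName = "john";
+system = "x86_64-linux";
+in
+{
+# Configurations for Linux (NixOS) machines
+nixosConfigurations = {
+# TODO: Change hostname from "example1" to something else.
+example1 = self.nixos-flake.lib.mkLinuxSystem "x86_64-linux" {
+imports = [
+self.nixosModules.common # See below for "nixosModules"!
+self.nixosModules.linux
+./hosts/example1/default.nix
+self.nixosModules.home-manager
+{
+home-manager.users.${myUserName} = {
+imports = [
+self.homeModules.common # See below for "homeModules"!
+self.homeModules.linux
+];
+home.stateVersion = "22.11";
+};
+}
+];
+};
+};
+# Configurations for macOS machines
+darwinConfigurations = {
+# TODO: Change hostname from "example1" to something else.
+example1 = self.nixos-flake.lib.mkMacosSystem "aarch64-darwin" {
+imports = [
+self.nixosModules.common # See below for "nixosModules"!
+self.nixosModules.darwin
+./hosts/example1/default.nix
+self.darwinModules.home-manager
+{
+home-manager.users.${myUserName} = {
+imports = [
+self.homeModules.common # See below for "homeModules"!
+self.homeModules.darwin
+];
+home.stateVersion = "22.11";
+};
+}
+];
+};
+};
+# All nixos/nix-darwin configurations are kept here.
+nixosModules = {
+# Common nixos/nix-darwin configuration shared between Linux and macOS.
+common = { pkgs, ... }: {
+environment.systemPackages = with pkgs; [
+hello
+];
+};
+# NixOS specific configuration
+linux = { pkgs, ... }: {
+users.users.${myUserName}.isNormalUser = true;
+services.netdata.enable = true;
+};
+# nix-darwin specific configuration
+darwin = { pkgs, ... }: {
+security.pam.enableSudoTouchIdAuth = true;
+};
+};
+# All home-manager configurations are kept here.
+homeModules = {
+# Common home-manager configuration shared between Linux and macOS.
+common = { pkgs, ... }: {
+programs.git.enable = true;
+programs.starship.enable = true;
+programs.bash.enable = true;
+};
+# home-manager config specific to NixOS
+linux = {
+xsession.enable = true;
+};
+# home-manager config specifi to Darwin
+darwin = {
+targets.darwin.search = "Bing";
+};
+};
+};
+};
+}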
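Review bot: Both `nixosConfigurations.example1` and `darwinConfigurations.example1` import `./hosts/example1/default.nix`, which is not among the five files this commit adds, so evaluating either configuration (and therefore `nix flake check`) fails on a missing path until that file is committed; the same applies to `./host.nix` and `./vms.nix`, which `tf-infra-nodes` in terraform.nix lists as modules. The `myUserName = "john"`, the `example1` hostnames, the `TODO` comments and `targets.darwin.search = "Bing"` appear to be untouched template defaults and should be replaced or dropped before these outputs are used for the pub.solar hosts. The `system = "x86_64-linux"` binding in the `let` is never referenced (both `mk*System` calls pass a literal) and can be removed. As a minor style point, the comment `# home-manager config specifi to Darwin` has a typo and should read `# home-manager config specific to Darwin`.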

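--- a/terraform.nix
+++ b/terraform.nix
@@ -0,0 +1,57 @@
+{ inputs
+, self
+, ...
+}: {
+perSystem = { config, pkgs, system, ... }:
+let
+terraform = pkgs.terraform;
+tf-infra-dns = inputs.terranix.lib.terranixConfiguration {
+inherit system;
+modules = [ ./dns.nix ];
+};
+tf-infra-nodes = inputs.terranix.lib.terranixConfiguration {
+inherit system;
+modules = [
+./host.nix
+./vms.nix
+];
+};
+in {
+packages = {
+inherit tf-infra-dns tf-infra-nodes;
+};
+apps = {
+apply-dns = {
+type = "app";
+program = toString (pkgs.writers.writeBash "apply" ''
+if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
+cp ${tf-infra-dns} config.tf.json \
+&& ${terraform}/bin/terraform init \
+&& ${terraform}/bin/terraform apply
+'');
+};
+apply-nodes = {
+type = "app";
+program = toString (pkgs.writers.writeBash "apply" ''
+if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
+cp ${tf-infra-nodes} config.tf.json \
+&& ${terraform}/bin/terraform init \
+&& ${terraform}/bin/terraform apply
+'');
+};
+# nix run ".#destroy"
+destroy-dns = {
+type = "app";
+program = toString (pkgs.writers.writeBash "destroy" ''
+if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
+cp ${tf-infra-dns} config.tf.json \
+&& ${terraform}/bin/terraform init \
+&& ${terraform}/bin/terraform destroy
+'');
+};
+};
+};
+}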
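Review bot: The three apps repeat the same `rm`/`cp`/`init`/subcommand bash body with only the config derivation and the terraform verb varying, so a small `mkTfApp` helper in the `let` keeps that sequence in one place and makes a future `destroy-nodes` a one-liner; a sketch follows. The comment `# nix run ".#destroy"` names an app that does not exist in this file — the app is `destroy-dns`, so `# nix run ".#destroy-dns"`. The `rm -f` before `cp` presumably exists because the copy of a store path keeps its read-only mode and a later `cp` over it would fail; if so, a comment such as `# the copied store file is read-only, so replace it instead of overwriting` would save the next reader a guess. `terraform init` here runs with network access on every invocation; committing the `.terraform.lock.hcl` it produces pins the provider checksum across machines.

```nix
let
  terraform = pkgs.terraform;
  # Build a `nix run` app that puts the generated config into the working
  # directory and runs the given terraform subcommand against it.
  mkTfApp = name: cfg: cmd: {
    type = "app";
    program = toString (pkgs.writers.writeBash name ''
      if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
      cp ${cfg} config.tf.json \
        && ${terraform}/bin/terraform init \
        && ${terraform}/bin/terraform ${cmd}
    '');
  };
  # … unchanged: tf-infra-dns / tf-infra-nodes definitions …
in {
  packages = {
    inherit tf-infra-dns tf-infra-nodes;
  };
  apps = {
    apply-dns = mkTfApp "apply-dns" tf-infra-dns "apply";
    apply-nodes = mkTfApp "apply-nodes" tf-infra-nodes "apply";
    # nix run ".#destroy-dns"
    destroy-dns = mkTfApp "destroy-dns" tf-infra-dns "destroy";
  };
};
```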