| author | seth <[email protected]> | 2024-10-18 03:10:35 -0400 |
|---|---|---|
| committer | GitHub <[email protected]> | 2024-10-18 07:10:35 +0000 |
| commit | e6f79b30e620cf7bd5b06e2579e979ff090e925a (patch) | |
| tree | 1dd2b20126602ef448f77fbb9cdd44ba7f02a58c /ext/terranix | |
| parent | fdaf8680ef5bbcadb7cece43911beff18f90cdb2 (diff) | |
more refactors & outsource some things (#477)
* tree-wide: drop flake-parts
* drop nixinate
* justfile: cleanup
* drop treefmt-nix
* doc: update READMEs
* flake: cleanup
* seth: don't use `./.`
* modules/nixos,darwin: bundle all modules
They all depend on each other anyways so
* systems: manually import internal modules
* seth: use riff module from nix-exprs
* flake: back to flake-parts
* Revert "flake: back to flake-parts"
This reverts commit 35334882f7c0c23991a4efd65ea08b216006b2b0.
Saving the last commit so I can go back if I want
* flake: use lib.const
this looks better...right?
* flake: declare systems like a normal person
Diffstat (limited to 'ext/terranix')
| -rw-r--r-- | ext/terranix/cloud.nix | 7 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/default.nix | 10 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/dns.nix | 110 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/pages_domains.nix | 32 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/pages_projects.nix | 60 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/ruleset.nix | 29 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/tls.nix | 15 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/tunnels.nix | 14 | ||||
| -rw-r--r-- | ext/terranix/default.nix | 43 | ||||
| -rw-r--r-- | ext/terranix/tailscale/acl.nix | 51 | ||||
| -rw-r--r-- | ext/terranix/tailscale/default.nix | 13 | ||||
| -rw-r--r-- | ext/terranix/tailscale/devices.nix | 20 | ||||
| -rw-r--r-- | ext/terranix/tailscale/dns.nix | 5 | ||||
| -rw-r--r-- | ext/terranix/tailscale/tags.nix | 21 | ||||
| -rw-r--r-- | ext/terranix/vars.nix | 10 | ||||
| -rw-r--r-- | ext/terranix/versions.nix | 14 |
16 files changed, 0 insertions, 454 deletions
diff --git a/ext/terranix/cloud.nix b/ext/terranix/cloud.nix
deleted file mode 100644
index 5ee0113..0000000
--- a/ext/terranix/cloud.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- terraform.cloud = {
- hostname = "app.terraform.io";
- organization = "getchoo";
- workspaces.name = "flake";
- };
-}
diff --git a/ext/terranix/cloudflare/default.nix b/ext/terranix/cloudflare/default.nix
deleted file mode 100644
index a8f6d43..0000000
--- a/ext/terranix/cloudflare/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- imports = [
- ./dns.nix
- ./pages_domains.nix
- ./pages_projects.nix
- ./ruleset.nix
- ./tls.nix
- ./tunnels.nix
- ];
-}
diff --git a/ext/terranix/cloudflare/dns.nix b/ext/terranix/cloudflare/dns.nix
deleted file mode 100644
index 335562d..0000000
--- a/ext/terranix/cloudflare/dns.nix
+++ /dev/null
@@ -1,110 +0,0 @@
-{ lib, ... }:
-let
- mkRecord =
- {
- name,
- content,
- type,
- zone_id,
- }:
- {
- inherit
- name
- content
- type
- zone_id
- ;
- ttl = 1;
- }
- // lib.optionalAttrs (type != "TXT") { proxied = true; };
-
- zones = {
- getchoo_com = lib.tfRef "var.getchoo_com_zone_id";
- };
- inherit (zones) getchoo_com;
-
- atlas_tunnel =
- lib.tfRef "data.cloudflare_zero_trust_tunnel_cloudflared.atlas-nginx.id" + ".cfargotunnel.com";
-
- pagesSubdomainFor = project: lib.tfRef "resource.cloudflare_pages_project.${project}.subdomain";
- blockEmailSpoofingFor =
- domain:
- let
- zone_id = zones.${domain};
- in
- {
- "${domain}_dmarc" = {
- name = "_dmarc";
- content = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;";
- type = "TXT";
- inherit zone_id;
- };
-
- "${domain}_domainkey" = {
- name = "*._domainkey";
- content = "v=DKIM1; p=";
- type = "TXT";
- inherit zone_id;
- };
-
- "${domain}_email" = {
- name = "@";
- content = "v=spf1 -all";
- type = "TXT";
- inherit zone_id;
- };
- };
-in
-{
- resource.cloudflare_zone_dnssec = {
- getchoo_com_dnssec = {
- zone_id = getchoo_com;
- };
- };
-
- resource.cloudflare_record =
- lib.mapAttrs (_: mkRecord) {
- getchoo_com_website = {
- name = "@";
- content = pagesSubdomainFor "personal_website";
- type = "CNAME";
- zone_id = getchoo_com;
- };
-
- getchoo_com_www = {
- name = "www";
- content = "getchoo.com";
- type = "CNAME";
- zone_id = getchoo_com;
- };
-
- getchoo_com_api = {
- name = "api";
- content = pagesSubdomainFor "teawie_api";
- type = "CNAME";
- zone_id = getchoo_com;
- };
-
- getchoo_com_miniflux = {
- name = "miniflux";
- content = atlas_tunnel;
- type = "CNAME";
- zone_id = getchoo_com;
- };
-
- getchoo_com_git = {
- name = "git";
- content = atlas_tunnel;
- type = "CNAME";
- zone_id = getchoo_com;
- };
-
- getchoo_com_keyoxide = {
- name = "@";
- content = "$argon2id$v=19$m=512,t=256,p=1$AlA6W5fP7J14zMsw0W5KFQ$EQz/NCE0/TQpE64r2Eo/yOpjtMZ9WXevHsv3YYP7CXg";
- type = "TXT";
- zone_id = getchoo_com;
- };
- }
- // blockEmailSpoofingFor "getchoo_com";
-}
diff --git a/ext/terranix/cloudflare/pages_domains.nix b/ext/terranix/cloudflare/pages_domains.nix
deleted file mode 100644
index 531b2de..0000000
--- a/ext/terranix/cloudflare/pages_domains.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ lib, ... }:
-let
- setDomainsFor =
- {
- account_id,
- project,
- domains,
- }:
- lib.listToAttrs (
- map (domain: {
- name = "${project}_${builtins.replaceStrings [ "." ] [ "_" ] domain}";
- value = {
- inherit account_id;
- project_name = lib.tfRef "resource.cloudflare_pages_project.${project}.name";
- inherit domain;
- };
- }) domains
- );
-in
-{
- resource.cloudflare_pages_domain =
- setDomainsFor {
- account_id = lib.tfRef "var.account_id";
- project = "personal_website";
- domains = [ "getchoo.com" ];
- }
- // setDomainsFor {
- account_id = lib.tfRef "var.account_id";
- project = "teawie_api";
- domains = [ "api.getchoo.com" ];
- };
-}
diff --git a/ext/terranix/cloudflare/pages_projects.nix b/ext/terranix/cloudflare/pages_projects.nix
deleted file mode 100644
index 4c0b076..0000000
--- a/ext/terranix/cloudflare/pages_projects.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ lib, ... }:
-let
- getGitHubRepo =
- { owner, repo_name }:
- {
- type = "github";
- config = {
- inherit owner repo_name;
- production_branch = "main";
- };
- };
-in
-{
- resource.cloudflare_pages_project = {
- personal_website = {
- account_id = lib.tfRef "var.account_id";
- name = "getchoo-website";
- production_branch = "main";
-
- source = getGitHubRepo {
- owner = "getchoo";
- repo_name = "website";
- };
-
- build_config = {
- build_caching = true;
- build_command = "./build-site.sh";
- destination_dir = "/dist";
- };
-
- deployment_configs =
- let
- environment_variables = {
- ZOLA_VERSION = "0.19.2";
- };
- in
- {
- production = [ { inherit environment_variables; } ];
- preview = [ { inherit environment_variables; } ];
- };
- };
-
- teawie_api = {
- account_id = lib.tfRef "var.account_id";
- name = "teawie-api";
- production_branch = "main";
-
- source = getGitHubRepo {
- owner = "getchoo";
- repo_name = "teawieAPI";
- };
-
- build_config = {
- build_caching = true;
- build_command = "pnpm run lint && pnpm run build";
- destination_dir = "/dist";
- };
- };
- };
-}
diff --git a/ext/terranix/cloudflare/ruleset.nix b/ext/terranix/cloudflare/ruleset.nix
deleted file mode 100644
index 98364d9..0000000
--- a/ext/terranix/cloudflare/ruleset.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ lib, ... }:
-{
- resource.cloudflare_ruleset = {
- getchoo_com_redirects = {
- kind = "zone";
- name = "default";
- phase = "http_request_dynamic_redirect";
- zone_id = lib.tfRef "var.getchoo_com_zone_id";
-
- rules = [
- {
- action = "redirect";
- action_parameters = {
- from_value = {
- preserve_query_string = false;
- status_code = 301;
- target_url = {
- value = "https://www.youtube.com/watch?v=RvVdFXOFcjw";
- };
- };
- };
- description = "funny";
- enabled = true;
- expression = "(http.request.uri.path eq \"/hacks\" and http.host eq \"getchoo.com\")";
- }
- ];
- };
- };
-}
diff --git a/ext/terranix/cloudflare/tls.nix b/ext/terranix/cloudflare/tls.nix
deleted file mode 100644
index 77450ad..0000000
--- a/ext/terranix/cloudflare/tls.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ lib, ... }:
-let
- baseSettings = {
- always_use_https = "on";
- ssl = "strict";
- };
-in
-{
- resource.cloudflare_zone_settings_override = {
- getchoo_com_settings = {
- zone_id = lib.tfRef "var.getchoo_com_zone_id";
- settings = baseSettings;
- };
- };
-}
diff --git a/ext/terranix/cloudflare/tunnels.nix b/ext/terranix/cloudflare/tunnels.nix
deleted file mode 100644
index 717a887..0000000
--- a/ext/terranix/cloudflare/tunnels.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, ... }:
-{
- data.cloudflare_zero_trust_tunnel_cloudflared = lib.genAttrs [ "atlas-nginx" ] (name: {
- inherit name;
- account_id = lib.tfRef "var.account_id";
- });
-
- resource.cloudflare_authenticated_origin_pulls = {
- getchoo_com_origin = {
- zone_id = lib.tfRef "var.getchoo_com_zone_id";
- enabled = true;
- };
- };
-}
diff --git a/ext/terranix/default.nix b/ext/terranix/default.nix
deleted file mode 100644
index 72f75ad..0000000
--- a/ext/terranix/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ inputs, ... }:
-{
- perSystem =
- {
- lib,
- pkgs,
- self',
- system,
- ...
- }:
- let
- inherit (self'.packages) opentofu;
-
- terranix = inputs.terranix.lib.terranixConfiguration {
- inherit system;
- modules = [
- ./cloudflare
- ./tailscale
- ./cloud.nix
- ./vars.nix
- ./versions.nix
- ];
- };
- in
- {
- apps = {
- tf = {
- type = "app";
- program = lib.getExe (
- pkgs.writeShellScriptBin "tf" ''
- ln -sf ${terranix} config.tf.json
- exec ${lib.getExe opentofu} "$@"
- ''
- );
- };
- };
-
- packages.opentofu = pkgs.opentofu.withPlugins (plugins: [
- plugins.cloudflare
- plugins.tailscale
- ]);
- };
-}
diff --git a/ext/terranix/tailscale/acl.nix b/ext/terranix/tailscale/acl.nix
deleted file mode 100644
index 80e3537..0000000
--- a/ext/terranix/tailscale/acl.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ lib, ... }:
-{
- resource.tailscale_acl.default = {
- acl = toString (
- builtins.toJSON {
- tagOwners =
- let
- me = [ "getchoo@github" ];
- tags = map (name: "tag:${name}") [
- "server"
- "personal"
- ];
- in
- lib.genAttrs tags (_: me);
-
- acls =
- let
- mkAcl = action: src: dst: { inherit action src dst; };
- in
- [
- (mkAcl "accept" [ "tag:personal" ] [ "*:*" ])
- (mkAcl "accept" [ "tag:server" ] [ "tag:server:*" ])
- ];
-
- ssh =
- let
- mkSshAcl = action: src: dst: users: {
- inherit
- action
- src
- dst
- users
- ;
- };
- in
- [
- (mkSshAcl "accept" [ "tag:personal" ]
- [
- "tag:server"
- "tag:personal"
- ]
- [
- "autogroup:nonroot"
- "root"
- ]
- )
- ];
- }
- );
- };
-}
diff --git a/ext/terranix/tailscale/default.nix b/ext/terranix/tailscale/default.nix
deleted file mode 100644
index b370b34..0000000
--- a/ext/terranix/tailscale/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, ... }:
-{
- imports = [
- ./acl.nix
- ./devices.nix
- ./dns.nix
- ./tags.nix
- ];
-
- provider.tailscale = {
- tailnet = lib.tfRef "var.tailnet";
- };
-}
diff --git a/ext/terranix/tailscale/devices.nix b/ext/terranix/tailscale/devices.nix
deleted file mode 100644
index 625c56e..0000000
--- a/ext/terranix/tailscale/devices.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ lib, ... }:
-{
- data.tailscale_device =
- let
- toDevices =
- devices:
- lib.genAttrs devices (name: {
- name = "${name}.tailc59d6.ts.net";
- wait_for = "60s";
- });
- in
- toDevices [
- "atlas"
- "caroline"
- "glados"
- "glados-wsl"
- "glados-windows"
- "iphone-14"
- ];
-}
diff --git a/ext/terranix/tailscale/dns.nix b/ext/terranix/tailscale/dns.nix
deleted file mode 100644
index 320a24b..0000000
--- a/ext/terranix/tailscale/dns.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- resource.tailscale_dns_preferences.default = {
- magic_dns = true;
- };
-}
diff --git a/ext/terranix/tailscale/tags.nix b/ext/terranix/tailscale/tags.nix
deleted file mode 100644
index 3e82dbb..0000000
--- a/ext/terranix/tailscale/tags.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, ... }:
-{
- resource.tailscale_device_tags =
- let
- getDeviceID = device: lib.tfRef "data.tailscale_device.${device}.id";
- toTags = n: v: { device_id = getDeviceID n; } // v;
-
- tags = lib.genAttrs [
- "server"
- "personal"
- ] (n: [ "tag:${n}" ]);
- in
- builtins.mapAttrs toTags {
- atlas.tags = tags.server;
- caroline.tags = tags.personal;
- glados.tags = tags.personal;
- glados-wsl.tags = tags.personal;
- glados-windows.tags = tags.personal;
- iphone-14.tags = tags.personal;
- };
-}
diff --git a/ext/terranix/vars.nix b/ext/terranix/vars.nix
deleted file mode 100644
index afee9de..0000000
--- a/ext/terranix/vars.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- variable = {
- # cloudflare
- getchoo_com_zone_id.default = "5ab8019935bfb8838a820aa68250eb77";
- account_id.default = "44c47ae2d55db34c1bf2f378ea8202f1";
-
- # tailscale
- tailnet.default = "getchoo.github";
- };
-}
diff --git a/ext/terranix/versions.nix b/ext/terranix/versions.nix
deleted file mode 100644
index 6ac0b3e..0000000
--- a/ext/terranix/versions.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, ... }:
-{
- terraform.required_providers =
- let
- registry = "registry.terraform.io";
-
- fmtSource = _: value: lib.recursiveUpdate value { source = "${registry}/${value.source}"; };
- in
- lib.mapAttrs fmtSource {
- cloudflare.source = "cloudflare/cloudflare";
-
- tailscale.source = "tailscale/tailscale";
- };
-} |
