Diffstat (limited to 'ext/terranix')
-rw-r--r--ext/terranix/cloudflare/dns.nix78
-rw-r--r--ext/terranix/cloudflare/pages_domains.nix26
-rw-r--r--ext/terranix/cloudflare/pages_projects.nix39
-rw-r--r--ext/terranix/cloudflare/ruleset.nix3
-rw-r--r--ext/terranix/cloudflare/tls.nix6
-rw-r--r--ext/terranix/cloudflare/tunnels.nix16
-rw-r--r--ext/terranix/default.nix41
-rw-r--r--ext/terranix/tailscale/acl.nix65
-rw-r--r--ext/terranix/tailscale/default.nix3
-rw-r--r--ext/terranix/tailscale/devices.nix19
-rw-r--r--ext/terranix/tailscale/tags.nix17
-rw-r--r--ext/terranix/versions.nix15
12 files changed, 187 insertions, 141 deletions
diff --git a/ext/terranix/cloudflare/dns.nix b/ext/terranix/cloudflare/dns.nix
index 4da90ab..4be834c 100644
--- a/ext/terranix/cloudflare/dns.nix
+++ b/ext/terranix/cloudflare/dns.nix
@@ -1,52 +1,60 @@
-{lib, ...}: let
- mkRecord = {
- name,
- value,
- type,
- zone_id,
- }:
+{ lib, ... }:
+let
+ mkRecord =
{
- inherit name value type zone_id;
+ name,
+ value,
+ type,
+ zone_id,
+ }:
+ {
+ inherit
+ name
+ value
+ type
+ zone_id
+ ;
ttl = 1;
}
- // lib.optionalAttrs (type != "TXT") {proxied = true;};
+ // lib.optionalAttrs (type != "TXT") { proxied = true; };
zones = {
getchoo_com = lib.tfRef "var.getchoo_com_zone_id";
};
- inherit
- (zones)
- getchoo_com
- ;
+ inherit (zones) getchoo_com;
atlas_tunnel = lib.tfRef "data.cloudflare_tunnel.atlas-nginx.id" + ".cfargotunnel.com";
pagesSubdomainFor = project: lib.tfRef "resource.cloudflare_pages_project.${project}.subdomain";
- blockEmailSpoofingFor = domain: let
- zone_id = zones.${domain};
- in {
- "${domain}_dmarc" = {
- name = "_dmarc";
- value = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;";
- type = "TXT";
- inherit zone_id;
- };
+ blockEmailSpoofingFor =
+ domain:
+ let
+ zone_id = zones.${domain};
+ in
+ {
+ "${domain}_dmarc" = {
+ name = "_dmarc";
+ value = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;";
+ type = "TXT";
+ inherit zone_id;
+ };
- "${domain}_domainkey" = {
- name = "*._domainkey";
- value = "v=DKIM1; p=";
- type = "TXT";
- inherit zone_id;
- };
+ "${domain}_domainkey" = {
+ name = "*._domainkey";
+ value = "v=DKIM1; p=";
+ type = "TXT";
+ inherit zone_id;
+ };
- "${domain}_email" = {
- name = "@";
- value = "v=spf1 -all";
- type = "TXT";
- inherit zone_id;
+ "${domain}_email" = {
+ name = "@";
+ value = "v=spf1 -all";
+ type = "TXT";
+ inherit zone_id;
+ };
};
- };
-in {
+in
+{
resource.cloudflare_zone_dnssec = {
getchoo_com_dnssec = {
zone_id = getchoo_com;
diff --git a/ext/terranix/cloudflare/pages_domains.nix b/ext/terranix/cloudflare/pages_domains.nix
index c3c45bb..531b2de 100644
--- a/ext/terranix/cloudflare/pages_domains.nix
+++ b/ext/terranix/cloudflare/pages_domains.nix
@@ -1,30 +1,32 @@
-{lib, ...}: let
- setDomainsFor = {
- account_id,
- project,
- domains,
- }:
+{ lib, ... }:
+let
+ setDomainsFor =
+ {
+ account_id,
+ project,
+ domains,
+ }:
lib.listToAttrs (
map (domain: {
- name = "${project}_${builtins.replaceStrings ["."] ["_"] domain}";
+ name = "${project}_${builtins.replaceStrings [ "." ] [ "_" ] domain}";
value = {
inherit account_id;
project_name = lib.tfRef "resource.cloudflare_pages_project.${project}.name";
inherit domain;
};
- })
- domains
+ }) domains
);
-in {
+in
+{
resource.cloudflare_pages_domain =
setDomainsFor {
account_id = lib.tfRef "var.account_id";
project = "personal_website";
- domains = ["getchoo.com"];
+ domains = [ "getchoo.com" ];
}
// setDomainsFor {
account_id = lib.tfRef "var.account_id";
project = "teawie_api";
- domains = ["api.getchoo.com"];
+ domains = [ "api.getchoo.com" ];
};
}
diff --git a/ext/terranix/cloudflare/pages_projects.nix b/ext/terranix/cloudflare/pages_projects.nix
index 5b6e64e..37ca785 100644
--- a/ext/terranix/cloudflare/pages_projects.nix
+++ b/ext/terranix/cloudflare/pages_projects.nix
@@ -1,15 +1,16 @@
-{lib, ...}: let
- getGitHubRepo = {
- owner,
- repo_name,
- }: {
- type = "github";
- config = {
- inherit owner repo_name;
- production_branch = "main";
+{ lib, ... }:
+let
+ getGitHubRepo =
+ { owner, repo_name }:
+ {
+ type = "github";
+ config = {
+ inherit owner repo_name;
+ production_branch = "main";
+ };
};
- };
-in {
+in
+{
resource.cloudflare_pages_project = {
personal_website = {
account_id = lib.tfRef "var.account_id";
@@ -27,14 +28,16 @@ in {
destination_dir = "/dist";
};
- deployment_configs = let
- environment_variables = {
- MINIFLUX_URL = "https://miniflux.getchoo.com";
+ deployment_configs =
+ let
+ environment_variables = {
+ MINIFLUX_URL = "https://miniflux.getchoo.com";
+ };
+ in
+ {
+ production = [ { inherit environment_variables; } ];
+ preview = [ { inherit environment_variables; } ];
};
- in {
- production = [{inherit environment_variables;}];
- preview = [{inherit environment_variables;}];
- };
};
teawie_api = {
diff --git a/ext/terranix/cloudflare/ruleset.nix b/ext/terranix/cloudflare/ruleset.nix
index 9f611c4..98364d9 100644
--- a/ext/terranix/cloudflare/ruleset.nix
+++ b/ext/terranix/cloudflare/ruleset.nix
@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
resource.cloudflare_ruleset = {
getchoo_com_redirects = {
kind = "zone";
diff --git a/ext/terranix/cloudflare/tls.nix b/ext/terranix/cloudflare/tls.nix
index 1fcc7ac..77450ad 100644
--- a/ext/terranix/cloudflare/tls.nix
+++ b/ext/terranix/cloudflare/tls.nix
@@ -1,9 +1,11 @@
-{lib, ...}: let
+{ lib, ... }:
+let
baseSettings = {
always_use_https = "on";
ssl = "strict";
};
-in {
+in
+{
resource.cloudflare_zone_settings_override = {
getchoo_com_settings = {
zone_id = lib.tfRef "var.getchoo_com_zone_id";
diff --git a/ext/terranix/cloudflare/tunnels.nix b/ext/terranix/cloudflare/tunnels.nix
index f745deb..0bbf6f6 100644
--- a/ext/terranix/cloudflare/tunnels.nix
+++ b/ext/terranix/cloudflare/tunnels.nix
@@ -1,13 +1,9 @@
-{lib, ...}: {
- data.cloudflare_tunnel =
- lib.genAttrs
- [
- "atlas-nginx"
- ]
- (name: {
- inherit name;
- account_id = lib.tfRef "var.account_id";
- });
+{ lib, ... }:
+{
+ data.cloudflare_tunnel = lib.genAttrs [ "atlas-nginx" ] (name: {
+ inherit name;
+ account_id = lib.tfRef "var.account_id";
+ });
resource.cloudflare_authenticated_origin_pulls = {
getchoo_com_origin = {
diff --git a/ext/terranix/default.nix b/ext/terranix/default.nix
index c70d4d8..44ede51 100644
--- a/ext/terranix/default.nix
+++ b/ext/terranix/default.nix
@@ -1,25 +1,24 @@
-{inputs, ...}: {
- perSystem = {
- pkgs,
- system,
- ...
- }: {
- packages = {
- opentofu = pkgs.opentofu.withPlugins (plugins: [
- plugins.cloudflare
- plugins.tailscale
- ]);
+{ inputs, ... }:
+{
+ perSystem =
+ { pkgs, system, ... }:
+ {
+ packages = {
+ opentofu = pkgs.opentofu.withPlugins (plugins: [
+ plugins.cloudflare
+ plugins.tailscale
+ ]);
- terranix = inputs.terranix.lib.terranixConfiguration {
- inherit system;
- modules = [
- ./cloudflare
- ./tailscale
- ./cloud.nix
- ./vars.nix
- ./versions.nix
- ];
+ terranix = inputs.terranix.lib.terranixConfiguration {
+ inherit system;
+ modules = [
+ ./cloudflare
+ ./tailscale
+ ./cloud.nix
+ ./vars.nix
+ ./versions.nix
+ ];
+ };
};
};
- };
}
diff --git a/ext/terranix/tailscale/acl.nix b/ext/terranix/tailscale/acl.nix
index 338e373..80e3537 100644
--- a/ext/terranix/tailscale/acl.nix
+++ b/ext/terranix/tailscale/acl.nix
@@ -1,24 +1,51 @@
-{lib, ...}: {
+{ lib, ... }:
+{
resource.tailscale_acl.default = {
- acl = toString (builtins.toJSON {
- tagOwners = let
- me = ["getchoo@github"];
- tags = map (name: "tag:${name}") ["server" "personal"];
- in
- lib.genAttrs tags (_: me);
+ acl = toString (
+ builtins.toJSON {
+ tagOwners =
+ let
+ me = [ "getchoo@github" ];
+ tags = map (name: "tag:${name}") [
+ "server"
+ "personal"
+ ];
+ in
+ lib.genAttrs tags (_: me);
- acls = let
- mkAcl = action: src: dst: {inherit action src dst;};
- in [
- (mkAcl "accept" ["tag:personal"] ["*:*"])
- (mkAcl "accept" ["tag:server"] ["tag:server:*"])
- ];
+ acls =
+ let
+ mkAcl = action: src: dst: { inherit action src dst; };
+ in
+ [
+ (mkAcl "accept" [ "tag:personal" ] [ "*:*" ])
+ (mkAcl "accept" [ "tag:server" ] [ "tag:server:*" ])
+ ];
- ssh = let
- mkSshAcl = action: src: dst: users: {inherit action src dst users;};
- in [
- (mkSshAcl "accept" ["tag:personal"] ["tag:server" "tag:personal"] ["autogroup:nonroot" "root"])
- ];
- });
+ ssh =
+ let
+ mkSshAcl = action: src: dst: users: {
+ inherit
+ action
+ src
+ dst
+ users
+ ;
+ };
+ in
+ [
+ (mkSshAcl "accept" [ "tag:personal" ]
+ [
+ "tag:server"
+ "tag:personal"
+ ]
+ [
+ "autogroup:nonroot"
+ "root"
+ ]
+ )
+ ];
+ }
+ );
};
}
diff --git a/ext/terranix/tailscale/default.nix b/ext/terranix/tailscale/default.nix
index 2225fd5..b370b34 100644
--- a/ext/terranix/tailscale/default.nix
+++ b/ext/terranix/tailscale/default.nix
@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
imports = [
./acl.nix
./devices.nix
diff --git a/ext/terranix/tailscale/devices.nix b/ext/terranix/tailscale/devices.nix
index 44ee3f1..625c56e 100644
--- a/ext/terranix/tailscale/devices.nix
+++ b/ext/terranix/tailscale/devices.nix
@@ -1,11 +1,14 @@
-{lib, ...}: {
- data.tailscale_device = let
- toDevices = devices:
- lib.genAttrs devices (name: {
- name = "${name}.tailc59d6.ts.net";
- wait_for = "60s";
- });
- in
+{ lib, ... }:
+{
+ data.tailscale_device =
+ let
+ toDevices =
+ devices:
+ lib.genAttrs devices (name: {
+ name = "${name}.tailc59d6.ts.net";
+ wait_for = "60s";
+ });
+ in
toDevices [
"atlas"
"caroline"
diff --git a/ext/terranix/tailscale/tags.nix b/ext/terranix/tailscale/tags.nix
index ff41c82..3e82dbb 100644
--- a/ext/terranix/tailscale/tags.nix
+++ b/ext/terranix/tailscale/tags.nix
@@ -1,10 +1,15 @@
-{lib, ...}: {
- resource.tailscale_device_tags = let
- getDeviceID = device: lib.tfRef "data.tailscale_device.${device}.id";
- toTags = n: v: {device_id = getDeviceID n;} // v;
+{ lib, ... }:
+{
+ resource.tailscale_device_tags =
+ let
+ getDeviceID = device: lib.tfRef "data.tailscale_device.${device}.id";
+ toTags = n: v: { device_id = getDeviceID n; } // v;
- tags = lib.genAttrs ["server" "personal"] (n: ["tag:${n}"]);
- in
+ tags = lib.genAttrs [
+ "server"
+ "personal"
+ ] (n: [ "tag:${n}" ]);
+ in
builtins.mapAttrs toTags {
atlas.tags = tags.server;
caroline.tags = tags.personal;
diff --git a/ext/terranix/versions.nix b/ext/terranix/versions.nix
index 53bb5c6..6ac0b3e 100644
--- a/ext/terranix/versions.nix
+++ b/ext/terranix/versions.nix
@@ -1,12 +1,11 @@
-{lib, ...}: {
- terraform.required_providers = let
- registry = "registry.terraform.io";
+{ lib, ... }:
+{
+ terraform.required_providers =
+ let
+ registry = "registry.terraform.io";
- fmtSource = _: value:
- lib.recursiveUpdate value {
- source = "${registry}/${value.source}";
- };
- in
+ fmtSource = _: value: lib.recursiveUpdate value { source = "${registry}/${value.source}"; };
+ in
lib.mapAttrs fmtSource {
cloudflare.source = "cloudflare/cloudflare";