add local nomad

Kiara Grouwstra 2024-01-23 21:15:50 +01:00
parent 33dd0a9ea8
commit 2c3a7ee24c
5 changed files with 273 additions and 67 deletions


@ -1,20 +1,6 @@
# This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates.
provider "registry.opentofu.org/carlpett/sops" {
version = "1.0.0"
hashes = [
"h1:tnN2Mgl0NUF3cg7a0HtGmtOhHcG+tkaT6ncOPRuA9l8=",
"zh:064e63ea800cd1a8e575064097bc7de6fd5faa8ad50dbb3f2f9d8a3ebc9d7b97",
"zh:0663900085949d2faf24c170c7cdfbf76e545797915cc331da8304144c02bf27",
"zh:2ff26c7e5ee356c30791a12dd8e114c6237bd873d09e52805cb30dd5d758ed23",
"zh:44211fa474112ad0c9fcdae03f13ec7c75cdefd3ab29979b99cb834208055593",
"zh:6c3ab441c12b9679ad1dcac580d1ee7782f0d94efe6da6e983435ed39335cd3f",
"zh:8924cc939b52382ef042dc38bde93cdf438ff0aeab5e1801fbd198f05b80cd47",
"zh:ebc189ce22c23b903399f71e33d465001a79d7de7f7bf115c7763fcf794f4b58",
]
}
provider "registry.opentofu.org/hashicorp/local" {
version = "2.4.1"
hashes = [
@ -52,3 +38,22 @@ provider "registry.opentofu.org/hetznercloud/hcloud" {
"zh:fb0e083d2925f289999dc561ef1c2f84a9e0ab11388c40162ca8b470f50f71f5",
]
}
provider "registry.terraform.io/hashicorp/nomad" {
version = "2.1.0"
hashes = [
"h1:ek0L7fA+4R1/BXhbutSRqlQPzSZ5aY/I2YfVehuYeEU=",
"zh:39ba4d4fc9557d4d2c1e4bf866cf63973359b73e908cce237c54384512bdb454",
"zh:40d2b66e3f3675e6b88000c145977c1d5288510c76b702c6c131d9168546c605",
"zh:40fbe575d85a083f96d4703c6b7334e9fc3e08e4f1d441de2b9513215184ebcc",
"zh:42ce6db79e2f94557fae516ee3f22e5271f0b556638eb45d5fbad02c99fc7af3",
"zh:4acf63dfb92f879b3767529e75764fef68886521b7effa13dd0323c38133ce88",
"zh:72cf35a13c2fb542cd3c8528826e2390db9b8f6f79ccb41532e009ad140a3269",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:8b8bcc136c05916234cb0c3bcc3d48fda7ca551a091ad8461ea4ab16fb6960a3",
"zh:8e1c2f924eae88afe7ac83775f000ae8fd71a04e06228edf7eddce4df2421169",
"zh:abc6e725531fc06a8e02e84946aaabc3453ecafbc1b7a442ea175db14fd9c86a",
"zh:b735fcd1fb20971df3e92f81bb6d73eef845dcc9d3d98e908faa3f40013f0f69",
"zh:ce59797282505d872903789db8f092861036da6ec3e73f6507dac725458a5ec9",
]
}


@ -11,57 +11,67 @@ Contains [OpenTofu](https://opentofu.org/) code used to manage our infrastructur
## Usage
- Before issuing any other commands, enter the development environment (if not using [`direnv`](https://zero-to-flakes.com/direnv)):
### Development shell
```sh
nix develop -c $SHELL
```
Before issuing any other commands, enter the development environment (if not using [`direnv`](https://zero-to-flakes.com/direnv)):
- Handle [credentials](#secrets)
```sh
nix develop -c $SHELL
```
- Applying changes:
### Handling [credentials](#secrets)
```sh
nix run
```
### Applying changes
- Validating logic:
```sh
nix run
```
```sh
nix run .#check
```
### Validating logic
- Showing the generated plan:
```sh
nix run .#check
```
```sh
nix run .#plan
```
### Showing the generated plan
- Applying changes, approving automatically:
```sh
nix run .#plan
```
```sh
nix run .#cd
```
### Applying changes, approving automatically
- Removing local state and derived credentials:
```sh
nix run .#cd
```
```sh
nix run .#destroy
```
### Removing local state and derived credentials
- Updating dependencies:
```sh
nix run .#destroy
```
```sh
nix flake update
```
### Running Nomad jobs locally
- Simulating a CI test ([substituting](#secrets) `<SOPS_AGE_KEY>`):
```sh
nix run .#local
```
```sh
woodpecker-cli exec --env "SOPS_AGE_KEY=<SOPS_AGE_KEY>"
```
### Updating dependencies
### Secrets
```sh
nix flake update
```
### Simulating a CI test
[substituting](#secrets) `<SOPS_AGE_KEY>`, run:
```sh
woodpecker-cli exec --env "SOPS_AGE_KEY=<SOPS_AGE_KEY>"
```
## Secrets
- if you want to reset secrets:
- generate an [`age`](https://age-encryption.org/) key pair, using [`rage`](https://github.com/str4d/rage) installed as part of the nix shell:


@ -32,6 +32,21 @@
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@ -50,6 +65,59 @@
"type": "github"
}
},
"gomod2nix": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705314449,
"narHash": "sha256-yfQQ67dLejP0FLK76LKHbkzcQqNIrux6MFe32MMFGNQ=",
"owner": "tweag",
"repo": "gomod2nix",
"rev": "30e3c3a9ec4ac8453282ca7f67fca9e1da12c3e6",
"type": "github"
},
"original": {
"owner": "tweag",
"repo": "gomod2nix",
"type": "github"
}
},
"nix-nomad": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"flake-utils": [
"flake-utils"
],
"gomod2nix": [
"gomod2nix"
],
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1672531382,
"narHash": "sha256-zbvXzPBBbv5mYPwy/XB3NaBAx3yTYQWNYjz/c/ccH3w=",
"owner": "tristanpemble",
"repo": "nix-nomad",
"rev": "ffbb8c97b2b665ec3a0dd393af79c0192a5546db",
"type": "github"
},
"original": {
"owner": "tristanpemble",
"repo": "nix-nomad",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1704999660,
@ -65,10 +133,49 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1671929364,
"narHash": "sha256-N9GW06FZTKDpkv9YLMXswUxnX27b9qEtfTg7WsSdXjc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "a909f7a2fb4ec6d14d52b8a727bb9ba465e15766",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-unfree": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1701957584,
"narHash": "sha256-xEpFaRdrneHl3Xdyzp3emd4QVxML7AR3GC91wuWi0Ok=",
"owner": "numtide",
"repo": "nixpkgs-unfree",
"rev": "127b9b18583de04c6207c2a0e674abf64fc4a3b1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nixpkgs-unfree",
"type": "github"
}
},
"root": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"gomod2nix": "gomod2nix",
"nix-nomad": "nix-nomad",
"nixpkgs": "nixpkgs",
"nixpkgs-unfree": "nixpkgs-unfree",
"terranix": "terranix",
"terranix-hcloud": "terranix-hcloud"
}


@ -6,6 +6,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils.url = "github:numtide/flake-utils";
flake-compat.url = "github:edolstra/flake-compat";
terranix = {
url = "github:terranix/terranix";
inputs.nixpkgs.follows = "nixpkgs";
@ -17,25 +18,45 @@
inputs.flake-utils.follows = "flake-utils";
inputs.terranix.follows = "terranix";
};
nix-nomad = {
url = "github:tristanpemble/nix-nomad";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
inputs.flake-compat.follows = "flake-compat";
inputs.gomod2nix.follows = "gomod2nix";
};
gomod2nix = {
url = "github:tweag/gomod2nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
};
outputs = { self, nixpkgs, ... }@inputs:
outputs = { self, nixpkgs, nix-nomad, ... }@inputs:
inputs.flake-utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages.${system};
unfree = inputs.nixpkgs-unfree.legacyPackages.${system}.pkgs;
tfConfig = inputs.terranix.lib.terranixConfiguration {
inherit system;
modules = [
modules = {
hcloud = [
inputs.terranix-hcloud.terranixModules.hcloud
./config.nix
];
nomad = [
"${nix-nomad}/modules"
./nomad.nix
];
};
tfConfig = modules: inputs.terranix.lib.terranixConfiguration { inherit system modules; };
tfCfg = builtins.mapAttrs (_: tfConfig) {
hcloud = modules.hcloud ++ modules.nomad;
nomad = modules.nomad;
};
tf = "${pkgs.opentofu}/bin/tofu";
sops = "${pkgs.sops}/bin/sops";
in
{
defaultPackage = tfConfig;
defaultPackage = tfCfg.hcloud;
# Auto formatters. This also adds a flake check to ensure that the
# source tree was auto formatted.
@ -56,6 +77,7 @@
inputs.terranix.defaultPackage.${system}
(opentofu.withPlugins (p: with p; [
hcloud # https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs
nomad # https://registry.terraform.io/providers/hashicorp/nomad/latest/docs
]))
unfree.nomad
damon
@ -63,17 +85,23 @@
};
apps = let
locally = ''
# using local state, stash cloud state to prevent error `workspaces not supported`
if [[ -e .terraform/terraform.tfstate ]]; then mv .terraform/terraform.tfstate terraform.tfstate.d/$(tofu workspace show)/terraform.tfstate; fi;
'';
compile = tfModule: ''
echo ${tfModule};
cp ${tfModule} config.tf.json \
&& chmod 0600 config.tf.json;
'';
tfCommand = cmd: ''
if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi;
export TF_CLI_CONFIG_FILE="ci.tfrc"
cat << EOF > "$TF_CLI_CONFIG_FILE"
credentials "app.terraform.io" {
token = "$(${sops} -d --extract '["tf_cloud_token"]' .auto.tfvars.enc.yaml)"
}
EOF
cp ${tfConfig} config.tf.json \
&& ${tf} init \
&& ${tf} ${cmd}
# need cloud token as env var for CLI commands like `workspace`
export TF_TOKEN_app_terraform_io="$(${sops} -d --extract '["tf_cloud_token"]' .auto.tfvars.enc.yaml)";
'' + compile tfCfg.hcloud + locally + ''
# load cloud state to prevent error `Cloud backend initialization required: please run "tofu init"`
mv terraform.tfstate.d/hcloud/terraform.tfstate .terraform/terraform.tfstate;
${tf} workspace select -or-create hcloud;
${tf} init && ${tf} ${cmd};
'';
in builtins.mapAttrs (name: script: {
type = "app";
@ -92,12 +120,19 @@
# nix run .#cd
cd = tfCommand "apply -auto-approve";
# nix run .#destroy
# nix run .#local
local = locally + compile tfCfg.nomad + ''
${tf} workspace select -or-create nomad;
${tf} init && ${tf} apply;
'';
destroy = ''
${tfCommand "destroy"}
rm ${toString ./.}/config.tf.json
rm ${toString ./.}/*.tfstate*
rm ${toString ./.}/.auto.tfvars.json
rm ${toString ./.}/ci.tfrc
for f in "config.tf.json *.tfstate* *.tfvars.json ci.tfrc .terraform terraform.tfstate.d"; do
echo $f
if [[ -e "${toString ./.}/$f" ]]; then
rm -rf "${toString ./.}/$f";
fi;
done
'';
};
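Review bot: In the `destroy` app, the `for f in "config.tf.json *.tfstate* *.tfvars.json ci.tfrc .terraform terraform.tfstate.d"; do` loop (which appears to be the new side, replacing the four `rm` lines) quotes the whole list, so it runs once with `$f` set to the entire string, the `-e` test on that single path fails, and nothing is deleted. As a result `ci.tfrc`, the state files and the decrypted tfvars, which the README describes as the local state and derived credentials this command removes, stay on disk. Drop the quotes so the words split and the globs expand, `for f in config.tf.json *.tfstate* .auto.tfvars.json ci.tfrc .terraform terraform.tfstate.d; do`, and use `echo "$f"`. `.auto.tfvars.json` is named explicitly there because a bare `*.tfvars.json` does not match dot-files under bash's default globbing. It is also worth confirming that `${toString ./.}` points at the working checkout rather than the flake's store copy, since the cleanup only helps if it targets the directory where tofu wrote the files.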

49
nomad.nix Normal file

@ -0,0 +1,49 @@
{ config, options, lib, ... }:
let
var = options.variable;
in
{
terraform.required_providers.nomad.source = "registry.terraform.io/hashicorp/nomad";
variable = {
nomad_host = {
type = "string";
description = "host of the nomad instance, defaults to local";
default = "http://127.0.0.1";
};
};
provider.nomad.address = "${lib.tfRef "var.nomad_host"}:4646";
# https://github.com/tristanpemble/nix-nomad
# https://tristanpemble.github.io/nix-nomad/
# https://github.com/hetznercloud/csi-driver/blob/main/docs/nomad/README.md#getting-started
job = {
bar = {
type = "batch";
group.bar.task.bar = {
driver = "raw_exec";
config = {
command = "echo";
args = ["hello"];
};
};
};
};
resource = {
nomad_job.foo = {
jobspec = lib.strings.toJSON config.nomad.build.apiJob.bar;
json = true;
};
};
}
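Review bot: The `bar` job sets `driver = "raw_exec"`, which runs the task with no isolation as the Nomad client's own user, and nothing in this file ties the job to a local instance, because `nomad_host` is an overridable variable. A comment above `job` would make the intent explicit, for example `# local smoke test only: raw_exec has no isolation, do not submit to a shared cluster`, or the job could use the `exec` driver if isolation is available on the target. The default address is plain `http://` on port 4646 and no ACL token is configured in the visible lines, so the `nomad_host` description could add `use https:// for any non-loopback host`. The provider source is pinned to `registry.terraform.io/hashicorp/nomad` while the other providers in the lock file resolve from `registry.opentofu.org`; if that is deliberate a short comment saying why would help, otherwise resolving all providers from one registry keeps the supply chain easier to audit. The `var = options.variable;` binding is not used in the lines shown and could be dropped.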