diff --git a/config.nix b/config.nix index 94d2c04..a9336eb 100644 --- a/config.nix +++ b/config.nix @@ -32,20 +32,35 @@ let backend = { - local = {}; + # local = {}; - # cloud = { - # hostname = "app.terraform.io"; - # organization = "bij1"; - # workspaces = { - # name = "hcloud"; - # }; - # }; + cloud = { + hostname = "app.terraform.io"; + organization = "bij1"; + workspaces = { + name = "hcloud"; + }; + }; }; in rec { + # imports = [ + # # inputs.sops-nix.nixosModules.sops # error: attribute 'services' missing + # # inputs.sops-nix.homeManagerModules.sops # error: The option `assertions' does not exist + # ]; + + # sops = { + # # age.keyFile = "/etc/nixos/keys.txt"; + # age.keyFile = "${toString ./.}/keys.txt"; + # defaultSopsFile = ./secrets.enc.yaml; + # secrets = { + # tf_cloud_token = {}; + # # hcloud_api_token = {}; + # }; + # }; + terraform = { required_providers = { @@ -73,8 +88,9 @@ in rec { local_file.test_import = { filename = "test_import.txt"; - content = config.sops.secrets.tf_cloud_token.path; - # content = "lol"; + # content = config.sops.secrets.tf_cloud_token.path; + # content = sops.secrets.tf_cloud_token.path; + content = "lol"; }; }; diff --git a/flake.nix b/flake.nix index 133d993..7984666 100644 --- a/flake.nix +++ b/flake.nix 
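Review bot: The parked sops block added under `in rec {` keeps `age.keyFile = "${toString ./.}/keys.txt"`, which expects the age private key inside the checkout; as far as I can tell, under a flake `./.` resolves to the store copy of the tracked source, so the key is either absent there (untracked) or committed and sitting in the world-readable Nix store (tracked). The same path is used live in the flake.nix `imports` hunk further down this diff. If this block only records the failed module attempts, drop it together with `# local = {};` (history keeps them) or shrink it to a pointer such as `# sops wiring lives in flake.nix; importing sops-nix here failed (services / assertions missing)`, and keep keys.txt outside both git and the store. The `let … in rec {` that this hunk cuts through starts and ends outside it.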
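Review bot: `content = "lol"` turns `local_file.test_import` into a committed placeholder with two commented-out alternatives above it, and nothing says why the resource exists. Whatever lands in `content` is persisted in Terraform state, which this same commit moves to Terraform Cloud; the commented variants only reference the secret's `.path`, so nothing sensitive is stored today, but the resource invites pasting a decrypted value later. Either remove it or label it, `# scratch resource to check sops -> terranix wiring; must never hold secret material`. The surrounding `rec` attribute set continues outside this hunk.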
@@ -27,54 +27,19 @@ tfConfig = inputs.terranix.lib.terranixConfiguration { inherit system; modules = [ - # inputs.sops-nix.nixosModules.sops # error: attribute 'services' missing - inputs.sops-nix.homeManagerModules.sops # error: The option `assertions' does not exist - { - sops = { - # age.keyFile = "/etc/nixos/keys.txt"; - age.keyFile = "${toString ./.}/keys.txt"; - defaultSopsFile = ./secrets.enc.yaml; - secrets = { - tf_cloud_token = {}; - # hcloud_api_token = {}; - }; - }; - } inputs.terranix-hcloud.terranixModules.hcloud ./config.nix ]; }; tf = "${pkgs.opentofu}/bin/tofu"; - in - { - defaultPackage = tfConfig; + # export TF_VAR_hcloud_api_token=${hcloud_api_token} + # echo ${config.sops.secrets.tf_cloud_token.path} + terraform = pkgs.writers.writeBashBin "terraform" '' + ${tf} "$@" + ''; + # force-unlock bij1/hcloud - # Auto formatters. This also adds a flake check to ensure that the - # source tree was auto formatted. - treefmt.config = { - projectRootFile = "flake.nix"; - programs = { - nixpkgs-fmt.enable = true; - }; - }; - - # nix develop - devShell = pkgs.mkShell { - buildInputs = with pkgs; [ - treefmt - sops - age - woodpecker-cli - jq - inputs.terranix.defaultPackage.${system} - (opentofu.withPlugins (p: with p; [ - sops # https://registry.terraform.io/providers/carlpett/sops/latest/docs - hcloud # https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs - ])) - ]; - }; - - apps = let + programs = let tfCommand = cmd: '' if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi; export TF_CLOUD_TOKEN=$(${pkgs.sops}/bin/sops -d --extract '["tf_cloud_token"]' secrets.enc.yaml) 
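Review bot: The new `terraform` wrapper runs `${tf} "$@"` with the caller's environment only, whereas the `tfCommand` scripts that follow export `TF_CLOUD_TOKEN` from `secrets.enc.yaml` before touching the backend, which this commit switches to Terraform Cloud; an ad-hoc `nix run .#terraform -- plan` therefore either fails to authenticate or silently uses whatever credentials happen to be in the user's environment or credentials file. Either route the wrapper through the same token step or state the intent next to it, `# raw tofu passthrough: no token export, expects TF_CLOUD_TOKEN or a credentials file in the caller's env`. The `# export TF_VAR_hcloud_api_token=…`, `# echo …` and `# force-unlock bij1/hcloud` lines read as notes-to-self; turn them into working code or remove them. The enclosing `let` starts before this hunk.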
@@ -86,12 +51,13 @@ EOF cp ${tfConfig} config.tf.json \ && ${tf} init \ - && ${tf} ${cmd} + && ${tf} ${cmd} "$@" ''; - in builtins.mapAttrs (name: script: { - type = "app"; - program = toString (pkgs.writers.writeBash name script); - }) { + in builtins.mapAttrs (name: script: pkgs.writers.writeBash name script) { + # nix run .#terraform; + inherit terraform; + # nix run .#unlock + unlock = tfCommand "force-unlock"; # nix run .#check check = tfCommand "validate"; # nix run .#apply 
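Review bot: `inherit terraform;` places a `writeBashBin` derivation (output is a directory with `bin/terraform`) in a set whose other members are `writeBash` outputs (the script file itself); the `apps` mapping later in this diff applies `program = toString program` uniformly, so `nix run .#terraform` would, as far as I can tell, point at a directory instead of an executable. Either define `terraform` with the same writer (`pkgs.writers.writeBash "terraform"` with the same body) or resolve the `bin/` path for that one entry. Separately, `"$@"` is now appended to every `tfCommand`, so `nix run .#apply -- -auto-approve` is accepted without any guard; a comment such as `# extra args are forwarded to tofu (force-unlock needs the lock id)` would make the passthrough deliberate. The `tfCommand` definition starts before this hunk.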
@@ -109,6 +75,79 @@ rm ${toString ./.}/ci.tfrc ''; }; + apps = builtins.mapAttrs (name: program: { + type = "app"; + program = toString program; + }) programs; + + in + { + defaultPackage = tfConfig; + + # Auto formatters. This also adds a flake check to ensure that the + # source tree was auto formatted. + treefmt.config = { + projectRootFile = "flake.nix"; + programs = { + nixpkgs-fmt.enable = true; + }; + }; + + nixosModules = [ + inputs.sops-nix.nixosModules.sops + (import inputs.sops-nix.nixosModules.sops) + ]; + homeManagerModules = [ + inputs.sops-nix.homeManagerModules.sops + (import inputs.sops-nix.homeManagerModules.sops) + ]; + + imports = [ + inputs.sops-nix.nixosModules.sops + inputs.sops-nix.homeManagerModules.sops + (import inputs.sops-nix.nixosModules.sops) + (import inputs.sops-nix.homeManagerModules.sops) + ({ + sops = { + # age.keyFile = "/etc/nixos/keys.txt"; + age.keyFile = "${toString ./.}/keys.txt"; + defaultSopsFile = ./secrets.enc.yaml; + secrets = { + tf_cloud_token = {}; + # hcloud_api_token = {}; + }; + }; + }) + ({ + config.sops = { + # age.keyFile = "/etc/nixos/keys.txt"; + age.keyFile = "${toString ./.}/keys.txt"; + defaultSopsFile = ./secrets.enc.yaml; + secrets = { + tf_cloud_token = {}; + # hcloud_api_token = {}; + }; + }; + }) + ]; + + # nix develop + devShell = pkgs.mkShell { + buildInputs = (builtins.attrValues programs) ++ [ terraform ] ++ (with pkgs; [ + treefmt + sops + age + woodpecker-cli + jq + inputs.terranix.defaultPackage.${system} + (opentofu.withPlugins (p: with p; [ + sops # https://registry.terraform.io/providers/carlpett/sops/latest/docs + hcloud # https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs + ])) + ]); + }; + + inherit apps; # nix run defaultApp = self.apps.${system}.apply;