Compare commits



Author SHA1 Message Date
Kiara Grouwstra fdf6678f16 add config notes 2024-01-25 18:19:43 +01:00
Kiara Grouwstra daf312eea5 consider switching nixos-infect to user-data (untested) 2024-01-22 15:04:13 +01:00
Kiara Grouwstra 20709e35df pass credential
script issue:
ERROR: No ESP mount point found
2024-01-20 22:06:51 +01:00
Kiara Grouwstra 635c3d42cc add build command for packer
progress: hetzner cloud token yielding unauthorized somehow
2024-01-20 21:20:56 +01:00
Kiara Grouwstra 5ff13ed3d1 wip: nixos bootstrap w/ packer hetzner + nixos-infect
after: [get id of packer-created image](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/server#server-creation-from-snapshot)
2024-01-20 21:20:00 +01:00
3 changed files with 197 additions and 9 deletions


@ -50,13 +50,29 @@
"type": "github"
}
},
"nixos-infect": {
"flake": false,
"locked": {
"lastModified": 1695561918,
"narHash": "sha256-QSL14ffpWhBXABBrP1Yyeq7fTEXxddR1rVrInFj3TLg=",
"owner": "elitak",
"repo": "nixos-infect",
"rev": "6a72f0bff6a26b4d1ce0c7c71cb2f10ca3384228",
"type": "github"
},
"original": {
"owner": "elitak",
"repo": "nixos-infect",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1704999660,
"narHash": "sha256-nKC1rq0+9uswJzkVyBH6aTzKrE31GPNZHmLWfGhvXL8=",
"lastModified": 1705276522,
"narHash": "sha256-ZZ4++8OAz8z0XJSwC+82tlJRQ0AUvlGQCAIViWPZ/Kc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6cd98a7a7575e7ff7923b1c84259da0b43ba827e",
"rev": "500129c8b2739e99e05d56c6757bb6d176c0ca1b",
"type": "github"
},
"original": {
@ -65,10 +81,32 @@
"type": "github"
}
},
"nixpkgs-unfree": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1701957584,
"narHash": "sha256-xEpFaRdrneHl3Xdyzp3emd4QVxML7AR3GC91wuWi0Ok=",
"owner": "numtide",
"repo": "nixpkgs-unfree",
"rev": "127b9b18583de04c6207c2a0e674abf64fc4a3b1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nixpkgs-unfree",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixos-infect": "nixos-infect",
"nixpkgs": "nixpkgs",
"nixpkgs-unfree": "nixpkgs-unfree",
"terranix": "terranix",
"terranix-hcloud": "terranix-hcloud"
}
@ -101,15 +139,16 @@
"terranix-examples": "terranix-examples"
},
"locked": {
"lastModified": 1695406838,
"narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=",
"owner": "terranix",
"lastModified": 1705278053,
"narHash": "sha256-XszbM5oJxWji3CNgw2jo8GpsuF9S6CCS/UuhY4P0igQ=",
"owner": "KiaraGrouwstra",
"repo": "terranix",
"rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275",
"rev": "5f5561aa2de9b00c44c684d536353b1b4799968e",
"type": "github"
},
"original": {
"owner": "terranix",
"owner": "KiaraGrouwstra",
"ref": "kiara",
"repo": "terranix",
"type": "github"
}


@ -3,16 +3,24 @@
nixpkgs.url = "github:nixos/nixpkgs";
flake-utils.url = "github:numtide/flake-utils";
terranix = {
url = "github:terranix/terranix";
url = "github:KiaraGrouwstra/terranix/kiara";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
nixos-infect = {
url = "github:elitak/nixos-infect";
flake = false;
};
terranix-hcloud = {
url = "github:terranix/terranix-hcloud";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
inputs.terranix.follows = "terranix";
};
nixpkgs-unfree = {
url = "github:numtide/nixpkgs-unfree";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, ... }@inputs:
@ -28,6 +36,9 @@
};
tf = "${pkgs.opentofu}/bin/tofu";
sops = "${pkgs.sops}/bin/sops";
terranix = "${pkgs.sops}/bin/terranix";
unfree = inputs.nixpkgs-unfree.legacyPackages.${system}.pkgs;
packer = "${unfree.packer}/bin/packer";
in
{
defaultPackage = tfConfig;
@ -52,6 +63,7 @@
(opentofu.withPlugins (p: with p; [
hcloud # https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs
]))
unfree.packer
];
};
@ -92,6 +104,13 @@
rm ${toString ./.}/.auto.tfvars.json
rm ${toString ./.}/ci.tfrc
'';
build = ''
${sops} --output-type json -d .auto.tfvars.enc.yaml > .auto.pkrvars.json
${terranix} nixos.pkr.nix > nixos.pkr.json
${packer} init nixos.pkr.json
${packer} validate -var-file=.auto.pkrvars.json nixos.pkr.json
${packer} build -var-file=.auto.pkrvars.json nixos.pkr.json
'';
};
# nix run
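Review bot: The `build` script in the last hunk decrypts `.auto.tfvars.enc.yaml` into a plaintext `.auto.pkrvars.json` in the working tree and nothing removes it afterwards, while the cleanup lines just above it (`rm ${toString ./.}/.auto.tfvars.json`, `rm ${toString ./.}/ci.tfrc`) show the pattern the rest of this file follows; if those vars carry the Hetzner API token that nixos.pkr.nix marks `sensitive`, the secret outlives the build on disk. Append `rm ${toString ./.}/.auto.pkrvars.json` after the `${packer} build` step so the decrypted copy is removed like the others, and confirm the file is ignored by git. In the second hunk, `terranix = "${pkgs.sops}/bin/terranix";` resolves the terranix binary inside the sops package's output path, which reads like a copy-paste slip from the `sops` line above it — unless sops ships such a binary, this fails at run time with a missing file, and `${pkgs.terranix}/bin/terranix` (or the package exported by the `terranix` flake input, whichever this flake intends) is presumably what was meant.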

nixos.pkr.nix Normal file

@ -0,0 +1,130 @@
{ config, lib, ... }:
# { config, lib, inputs, ... }:
{
packer = {
required_plugins = {
hcloud = {
source = "github.com/hetznercloud/hcloud";
version = "~> 1";
};
};
};
variable = {
hcloud_api_token = {
type = "string";
description = "[Hetzner Cloud API Token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token)";
sensitive = true;
};
nixos_version = {
type = "string";
default = "23.11";
};
arch = {
type = "string";
default = "aarch64"; # x86_64
};
# https://docs.hetzner.com/cloud/servers/overview/#pricing
server_type = {
type = "string";
# can use images on servers bigger than the build server
# but not smaller, so this is the smallest option,
# in this case for arm architecture
default = "cax11";
};
# https://docs.hetzner.com/cloud/general/locations/
server_location = {
type = "string";
default = "nbg1";
};
};
locals = {
image = "https://github.com/nixos/nixos/releases/download/\${var.nixos_version}/hcloud-\${var.arch}.raw.xz";
# image = "https://channels.nixos.org/nixos-\${var.nixos_version}/latest-nixos-minimal-\${var.arch}-linux.iso";
};
# https://developer.hashicorp.com/packer/integrations/hetznercloud/hcloud/latest/components/builder/hcloud
source."hcloud"."nixos" = {
token = "\${var.hcloud_api_token}";
rescue = "linux64";
image = "ubuntu-22.04";
location = "\${var.server_location}";
server_type = "\${var.server_type}";
ssh_keys = [];
# user_data_file = "";
# TODO: use flake input instead
user_data = ''
#cloud-config
runcmd:
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=hetznercloud NIX_CHANNEL=nixos-''${var.nixos_version} bash 2>&1 | tee /tmp/infect.log
ssh_username = "root";
snapshot_name = "nixos system disk - \${var.arch} - \${var.nixos_version}";
snapshot_labels = {
type = "infra";
os = "nixos";
version = "\${var.nixos_version}";
arch = "\${var.arch}";
};
};
build = {
# can e.g. specify multiple for different architectures setting respective
# default server types, to automatically build for multiple architectures
sources = ["source.hcloud.nixos"];
provisioner."shell" = {
env = {
BUILDER = "packer";
};
# scripts = [
# "os-setup.sh"
# ];
# or:
# inline = [
# # "apt-get install -y wget"
# # "wget -O /tmp/nixos.raw.xz \${local.image}"
# # "xz -d -c /tmp/nixos.raw.xz | dd of=/dev/sda && sync"
# "curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-\${var.nixos_version} bash -x"
# # "export NIX_CHANNEL=nixos-\${var.nixos_version}; ${lib.readFile "${inputs.nixos-infect}/nixos-infect"}"
# # additional inspiration: https://github.com/terranix/terranix-hcloud/blob/main/module/nixserver.nix#L95-L118
# ];
};
};
}
# Additionally you could create a file containing
# arch = "aarch64"
# server_type = "cax11"
# server_location = "nbg1"
# # First you need set API Token
# ```sh
# export HCLOUD_TOKEN=${TOKEN}
# # Upload image
# packer init .
# packer build .
# # Save the image ID
# export IMAGE_ID=<image-id-in-packer-output>
# ```
# packer build -var arch=aarch64 -var server_type=cax11 -var server_location=nbg1 .
# further settings of note:
# - https://github.com/input-output-hk/nomad-driver-nix/blob/main/flake.nix#L106-L108
# - https://xeiaso.net/blog/paranoid-nixos-2021-07-18/
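Review bot: The `user_data` cloud-config at `runcmd` fetches `nixos-infect` from the unpinned `master` branch via `curl … | bash` and runs it as root on the build server, even though this same change pins `nixos-infect` in flake.lock to rev `6a72f0bff6a26b4d1ce0c7c71cb2f10ca3384228`; the snapshot later servers are created from is therefore decided by whatever that branch holds at build time, and a plain `curl` without `-f` pipes an HTTP error page into bash if the fetch fails. Until the `TODO: use flake input instead` is resolved (the commented `lib.readFile "${inputs.nixos-infect}/nixos-infect"` line in the provisioner shows the intended route), pin the URL to the locked rev and fail closed: `- curl -fsSL https://raw.githubusercontent.com/elitak/nixos-infect/6a72f0bff6a26b4d1ce0c7c71cb2f10ca3384228/nixos-infect | PROVIDER=hetznercloud NIX_CHANNEL=nixos-''${var.nixos_version} bash 2>&1 | tee /tmp/infect.log`. Separately, the indented string opened at `user_data = ''` has no visible closing `'';` before `ssh_username = "root";` — if that is not a rendering artifact of this page, `ssh_username` and everything after it is parsed as part of the cloud-config text rather than as attributes of the source.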