Compare commits
5 Commits
main
...
packer-fla
Author | SHA1 | Date |
---|---|---|
Kiara Grouwstra | 3450cea72a | |
Kiara Grouwstra | daf312eea5 | |
Kiara Grouwstra | 20709e35df | |
Kiara Grouwstra | 635c3d42cc | |
Kiara Grouwstra | 5ff13ed3d1 |
55
flake.lock
55
flake.lock
|
@ -50,13 +50,29 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-infect": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1695561918,
|
||||
"narHash": "sha256-QSL14ffpWhBXABBrP1Yyeq7fTEXxddR1rVrInFj3TLg=",
|
||||
"owner": "elitak",
|
||||
"repo": "nixos-infect",
|
||||
"rev": "6a72f0bff6a26b4d1ce0c7c71cb2f10ca3384228",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "elitak",
|
||||
"repo": "nixos-infect",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1704999660,
|
||||
"narHash": "sha256-nKC1rq0+9uswJzkVyBH6aTzKrE31GPNZHmLWfGhvXL8=",
|
||||
"lastModified": 1705276522,
|
||||
"narHash": "sha256-ZZ4++8OAz8z0XJSwC+82tlJRQ0AUvlGQCAIViWPZ/Kc=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "6cd98a7a7575e7ff7923b1c84259da0b43ba827e",
|
||||
"rev": "500129c8b2739e99e05d56c6757bb6d176c0ca1b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -65,10 +81,32 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unfree": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701957584,
|
||||
"narHash": "sha256-xEpFaRdrneHl3Xdyzp3emd4QVxML7AR3GC91wuWi0Ok=",
|
||||
"owner": "numtide",
|
||||
"repo": "nixpkgs-unfree",
|
||||
"rev": "127b9b18583de04c6207c2a0e674abf64fc4a3b1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "nixpkgs-unfree",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixos-infect": "nixos-infect",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-unfree": "nixpkgs-unfree",
|
||||
"terranix": "terranix",
|
||||
"terranix-hcloud": "terranix-hcloud"
|
||||
}
|
||||
|
@ -101,15 +139,16 @@
|
|||
"terranix-examples": "terranix-examples"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1695406838,
|
||||
"narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=",
|
||||
"owner": "terranix",
|
||||
"lastModified": 1705278053,
|
||||
"narHash": "sha256-XszbM5oJxWji3CNgw2jo8GpsuF9S6CCS/UuhY4P0igQ=",
|
||||
"owner": "KiaraGrouwstra",
|
||||
"repo": "terranix",
|
||||
"rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275",
|
||||
"rev": "5f5561aa2de9b00c44c684d536353b1b4799968e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "terranix",
|
||||
"owner": "KiaraGrouwstra",
|
||||
"ref": "kiara",
|
||||
"repo": "terranix",
|
||||
"type": "github"
|
||||
}
|
||||
|
|
21
flake.nix
21
flake.nix
|
@ -3,16 +3,24 @@
|
|||
nixpkgs.url = "github:nixos/nixpkgs";
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
terranix = {
|
||||
url = "github:terranix/terranix";
|
||||
url = "github:KiaraGrouwstra/terranix/kiara";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
};
|
||||
nixos-infect = {
|
||||
url = "github:elitak/nixos-infect";
|
||||
flake = false;
|
||||
};
|
||||
terranix-hcloud = {
|
||||
url = "github:terranix/terranix-hcloud";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
inputs.terranix.follows = "terranix";
|
||||
};
|
||||
nixpkgs-unfree = {
|
||||
url = "github:numtide/nixpkgs-unfree";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, ... }@inputs:
|
||||
|
@ -28,6 +36,9 @@
|
|||
};
|
||||
tf = "${pkgs.opentofu}/bin/tofu";
|
||||
sops = "${pkgs.sops}/bin/sops";
|
||||
terranix = "${pkgs.sops}/bin/terranix";
|
||||
unfree = inputs.nixpkgs-unfree.legacyPackages.${system}.pkgs;
|
||||
packer = "${unfree.packer}/bin/packer";
|
||||
in
|
||||
{
|
||||
defaultPackage = tfConfig;
|
||||
|
@ -52,6 +63,7 @@
|
|||
(opentofu.withPlugins (p: with p; [
|
||||
hcloud # https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs
|
||||
]))
|
||||
unfree.packer
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -92,6 +104,13 @@
|
|||
rm ${toString ./.}/.auto.tfvars.json
|
||||
rm ${toString ./.}/ci.tfrc
|
||||
'';
|
||||
build = ''
|
||||
${sops} --output-type json -d .auto.tfvars.enc.yaml > .auto.pkrvars.json
|
||||
${terranix} nixos.pkr.nix > nixos.pkr.json
|
||||
${packer} init nixos.pkr.json
|
||||
${packer} validate -var-file=.auto.pkrvars.json nixos.pkr.json
|
||||
${packer} build -var-file=.auto.pkrvars.json nixos.pkr.json
|
||||
'';
|
||||
};
|
||||
|
||||
# nix run
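Review bot: The new `build` script decrypts the sops file into `.auto.pkrvars.json` in the working directory and never removes it, so the Hetzner API token stays on disk in plaintext after the run, including when `packer validate` or `packer build` fails; the script just before it ends by removing its `.auto.tfvars.json`. Adding `trap 'rm -f .auto.pkrvars.json nixos.pkr.json' EXIT` as the first line of the script would cover both the success and the failure path, and the decrypted file should be git-ignored if it is not already. Separately, `terranix = "${pkgs.sops}/bin/terranix";` in the `let` block points into the sops package, which looks like a copy-paste slip; `"${pkgs.terranix}/bin/terranix"`, or the package from the `terranix` input, is probably what was meant. Both the `let` block and the attribute set holding the scripts start outside the visible hunks.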
|
||||
|
|
|
@ -0,0 +1,138 @@
|
|||
{ config, lib, ... }:
|
||||
# { config, lib, inputs, ... }:
|
||||
|
||||
let
|
||||
|
||||
indent = numberOfSpaces: str: let
|
||||
lines = lib.splitString "\n" str;
|
||||
prependSpaces = (x: numberOfSpaces * " " + x);
|
||||
in lib.concatMapStringsSep "\n" prependSpaces lines;
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
packer = {
|
||||
required_plugins = {
|
||||
hcloud = {
|
||||
source = "github.com/hetznercloud/hcloud";
|
||||
version = "~> 1";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
variable = {
|
||||
|
||||
hcloud_api_token = {
|
||||
type = "string";
|
||||
description = "[Hetzner Cloud API Token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token)";
|
||||
sensitive = true;
|
||||
};
|
||||
|
||||
nixos_version = {
|
||||
type = "string";
|
||||
default = "23.11";
|
||||
};
|
||||
|
||||
arch = {
|
||||
type = "string";
|
||||
default = "aarch64"; # x86_64
|
||||
};
|
||||
|
||||
# https://docs.hetzner.com/cloud/servers/overview/#pricing
|
||||
server_type = {
|
||||
type = "string";
|
||||
# can use images on servers bigger than the build server
|
||||
# but not smaller, so this is the smallest option,
|
||||
# in this case for arm architecture
|
||||
default = "cax11";
|
||||
};
|
||||
|
||||
# https://docs.hetzner.com/cloud/general/locations/
|
||||
server_location = {
|
||||
type = "string";
|
||||
default = "nbg1";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
locals = {
|
||||
image = "https://github.com/nixos/nixos/releases/download/\${var.nixos_version}/hcloud-\${var.arch}.raw.xz";
|
||||
# image = "https://channels.nixos.org/nixos-\${var.nixos_version}/latest-nixos-minimal-\${var.arch}-linux.iso";
|
||||
};
|
||||
|
||||
# https://developer.hashicorp.com/packer/integrations/hetznercloud/hcloud/latest/components/builder/hcloud
|
||||
source."hcloud"."nixos" = {
|
||||
token = "\${var.hcloud_api_token}";
|
||||
rescue = "linux64";
|
||||
image = "ubuntu-22.04";
|
||||
location = "\${var.server_location}";
|
||||
server_type = "\${var.server_type}";
|
||||
ssh_keys = [];
|
||||
# user_data_file = "";
|
||||
# TODO: use flake input instead
|
||||
user_data = ''
|
||||
#cloud-config
|
||||
runcmd:
|
||||
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=hetznercloud NIX_CHANNEL=nixos-''${var.nixos_version} bash 2>&1 | tee /tmp/infect.log
|
||||
# - |
|
||||
export PROVIDER=hetznercloud
|
||||
export NIX_CHANNEL=nixos-''${var.nixos_version}
|
||||
# ${indent 2 (lib.readFile "${inputs.nixos-infect}/nixos-infect")}
|
||||
'';
|
||||
ssh_username = "root";
|
||||
|
||||
snapshot_name = "nixos system disk - \${var.arch} - \${var.nixos_version}";
|
||||
snapshot_labels = {
|
||||
type = "infra";
|
||||
os = "nixos";
|
||||
version = "\${var.nixos_version}";
|
||||
arch = "\${var.arch}";
|
||||
};
|
||||
};
|
||||
|
||||
build = {
|
||||
# can e.g. specify multiple for different architectures setting respective
|
||||
# default server types, to automatically build for multiple architectures
|
||||
sources = ["source.hcloud.nixos"];
|
||||
|
||||
provisioner."shell" = {
|
||||
env = {
|
||||
BUILDER = "packer";
|
||||
};
|
||||
|
||||
# scripts = [
|
||||
# "os-setup.sh"
|
||||
# ];
|
||||
# or:
|
||||
# inline = [
|
||||
# # "apt-get install -y wget"
|
||||
# # "wget -O /tmp/nixos.raw.xz \${local.image}"
|
||||
# # "xz -d -c /tmp/nixos.raw.xz | dd of=/dev/sda && sync"
|
||||
# "curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-\${var.nixos_version} bash -x"
|
||||
# # "export NIX_CHANNEL=nixos-\${var.nixos_version}; ${lib.readFile "${inputs.nixos-infect}/nixos-infect"}"
|
||||
# # additional inspiration: https://github.com/terranix/terranix-hcloud/blob/main/module/nixserver.nix#L95-L118
|
||||
# ];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
# Additionally you could create a file containing
|
||||
|
||||
# arch = "aarch64"
|
||||
# server_type = "cax11"
|
||||
# server_location = "nbg1"
|
||||
|
||||
|
||||
# # First you need set API Token
|
||||
# ```sh
|
||||
# export HCLOUD_TOKEN=${TOKEN}
|
||||
|
||||
# # Upload image
|
||||
# packer init .
|
||||
# packer build .
|
||||
# # Save the image ID
|
||||
# export IMAGE_ID=<image-id-in-packer-output>
|
||||
# ```
|
||||
|
||||
# packer build -var arch=aarch64 -var server_type=cax11 -var server_location=nbg1 .
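Review bot: The `runcmd` entry in `user_data` downloads nixos-infect from the `master` branch and pipes it to bash as root on the build server, so the contents of the resulting snapshot depend on whatever that branch serves at build time, even though flake.lock in this same comparison already pins nixos-infect to a rev and narHash. Completing the TODO means taking `inputs` in the module arguments (`{ config, lib, inputs, ... }:`, assuming the caller passes it) and feeding the script from `"${inputs.nixos-infect}/nixos-infect"`, for instance through the shell provisioner's `scripts` list. Note also that the line `# ${indent 2 (lib.readFile "${inputs.nixos-infect}/nixos-infect")}` sits inside the `''` string, where `#` does not start a Nix comment, so the antiquotation is still evaluated and refers to `inputs`, which this file does not bind as shown. The `indent` helper also computes `numberOfSpaces * " "`, and Nix does not multiply a number by a string.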
|