infra: import aws into opentofu
parent
ec793dab58
commit
a5ab7d3093
23 changed files with 143 additions and 41 deletions
15
flake.nix
15
flake.nix
|
@ -121,6 +121,7 @@
|
|||
packages = with pkgs; [
|
||||
(opentofu.withPlugins (
|
||||
ps: with ps; [
|
||||
aws
|
||||
vultr
|
||||
sops
|
||||
]
|
||||
|
@ -161,12 +162,6 @@
|
|||
./nixos/profiles/server
|
||||
];
|
||||
|
||||
"tyo0" = {
|
||||
imports = [ ./hosts/tyo0 ];
|
||||
deployment.targetHost = "tyo0.ny4.dev";
|
||||
deployment.tags = [ "proxy" ];
|
||||
};
|
||||
|
||||
"pek0" = {
|
||||
imports = [ ./hosts/pek0 ];
|
||||
deployment.targetHost = "blacksteel"; # thru tailscale
|
||||
|
@ -184,9 +179,11 @@
|
|||
./hosts/vultr/common
|
||||
{ networking.hostName = n; }
|
||||
]
|
||||
# TODO: import aws
|
||||
else if (builtins.elem "amazon" v.tags) then
|
||||
[ ./hosts/amazon/${n} ]
|
||||
else if (builtins.elem "aws" v.tags) then
|
||||
[
|
||||
./hosts/aws/${n}
|
||||
{ networking.hostName = n; }
|
||||
]
|
||||
else
|
||||
[ ./hosts/${n} ];
|
||||
}) data.nodes.value)
|
||||
|
|
|
@ -20,11 +20,10 @@
|
|||
./services/vaultwarden.nix
|
||||
./services/wastebin.nix
|
||||
|
||||
../../nixos/profiles/sing-box-server
|
||||
../../../nixos/profiles/sing-box-server
|
||||
];
|
||||
|
||||
boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
|
||||
networking.hostName = "tyo0";
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
swapDevices = lib.singleton {
|
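--- a/infra/aws.tf
+++ b/infra/aws.tf
@@ -0,0 +1,19 @@
+locals {
+aws_nodes = {
+tyo0 = {
+region = "ap-northeast-1a"
+plan = "micro_3_0"
+tags = ["aws", "proxy"]
+}
+}
+}
+
+module "aws" {
+source = "./modules/aws"
+for_each = local.aws_nodes
+hostname = each.key
+fqdn = "${each.key}.ny4.dev"
+region = each.value.region
+plan = each.value.plan
+tags = each.value.tags
+}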
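Review bot: The `region` key in `local.aws_nodes` actually holds an availability zone (`ap-northeast-1a`), and the module forwards it to `availability_zone`, while the `aws` provider added in this commit is configured once with `region = "ap-northeast-1"`. A node later added in a zone outside that region would presumably be sent to the Tokyo endpoint and rejected, and nothing in this file warns about it. I would rename the key to `zone`, or at least add a comment above `region = "ap-northeast-1a"` such as `# availability zone; must belong to the provider's region (ap-northeast-1)`.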
|
|
@ -23,6 +23,21 @@
|
|||
"string"
|
||||
]
|
||||
}
|
||||
],
|
||||
"tyo0": [
|
||||
"object",
|
||||
{
|
||||
"fqdn": "string",
|
||||
"ipv4": "string",
|
||||
"ipv6": [
|
||||
"list",
|
||||
"string"
|
||||
],
|
||||
"tags": [
|
||||
"list",
|
||||
"string"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
|
@ -40,6 +55,17 @@
|
|||
"vultr",
|
||||
"proxy"
|
||||
]
|
||||
},
|
||||
"tyo0": {
|
||||
"fqdn": "tyo0.ny4.dev",
|
||||
"ipv4": "18.177.132.61",
|
||||
"ipv6": [
|
||||
"2406:da14:f1f:2f00:e63f:64a0:7505:7534"
|
||||
],
|
||||
"tags": [
|
||||
"aws",
|
||||
"proxy"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
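--- a/infra/modules/aws/main.tf
+++ b/infra/modules/aws/main.tf
@@ -0,0 +1,58 @@
+variable "hostname" {
+type = string
+}
+
+variable "fqdn" {
+type = string
+}
+
+variable "region" {
+type = string
+}
+
+variable "plan" {
+type = string
+}
+
+variable "tags" {
+type = list(string)
+}
+
+terraform {
+required_providers {
+aws = {
+source = "registry.terraform.io/hashicorp/aws"
+}
+}
+}
+
+resource "aws_lightsail_instance" "server" {
+availability_zone = var.region
+bundle_id = var.plan
+name = var.hostname
+tags = zipmap(var.tags, [for _ in var.tags : null])
+
+blueprint_id = "debian_12" # nixos-anywhere
+ip_address_type = "dualstack"
+lifecycle {
+ignore_changes = [
+name,
+]
+}
+}
+
+output "ipv4" {
+value = aws_lightsail_instance.server.public_ip_address
+}
+
+output "ipv6" {
+value = aws_lightsail_instance.server.ipv6_addresses
+}
+
+output "fqdn" {
+value = var.fqdn
+}
+
+output "tags" {
+value = var.tags
+}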
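Review bot: `aws_lightsail_instance.server` is declared without an `aws_lightsail_instance_public_ports` resource and without `key_pair_name`, so the instance firewall and the key used for the first SSH login are whatever the Lightsail account defaults happen to be, not something this module states. For a host tagged `proxy` that is reinstalled over SSH (the `# nixos-anywhere` comment), I would declare the exposed ports explicitly and name the key pair used for bootstrap. Keep port 22 in the list only if deployment reaches the host over its public address, and restrict its `cidrs` where possible. The port numbers in the sketch are constructed placeholders; the page does not show which ports the proxy profile listens on.

```hcl
# … unchanged: variables, required_providers, aws_lightsail_instance.server, outputs …

resource "aws_lightsail_instance_public_ports" "server" {
  instance_name = aws_lightsail_instance.server.name

  # placeholder rule: list only what this node must expose
  port_info {
    protocol   = "tcp"
    from_port  = 443
    to_port    = 443
    cidrs      = ["0.0.0.0/0"]
    ipv6_cidrs = ["::/0"]
  }
}
```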
|
|
@ -1,3 +1,3 @@
|
|||
output "nodes" {
|
||||
value = module.vultr
|
||||
value = merge(module.vultr, module.aws)
|
||||
}
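Review bot: `merge(module.vultr, module.aws)` keys both maps by hostname, and `merge` silently lets the later argument win, so a name used in both `local.vultr_nodes` and `local.aws_nodes` would drop the Vultr entry from the `nodes` output while both machines keep running. The flake builds its host list from `data.nodes.value`, presumably this output, so the shadowed host would quietly fall out of deployment and stop receiving updates. A `precondition` block in the output turns the collision into a plan-time error, with `condition = length(setintersection(keys(module.vultr), keys(module.aws))) == 0` and an `error_message` naming the duplicate-hostname rule.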
|
||||
|
|
|
@ -9,3 +9,9 @@ locals {
|
|||
provider "vultr" {
|
||||
api_key = local.secrets.vultr.api_key
|
||||
}
|
||||
|
||||
provider "aws" {
|
||||
region = "ap-northeast-1"
|
||||
access_key = local.secrets.aws.access_key
|
||||
secret_key = local.secrets.aws.secret_key
|
||||
}
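Review bot: The `aws` provider is configured with a static `access_key`/`secret_key` pair from `local.secrets`, which is a long-lived IAM credential, and nothing in the change records what that identity is allowed to do. The only AWS resource this commit creates is `aws_lightsail_instance`, so the key should belong to an IAM user whose policy is limited to the Lightsail actions it needs. Once that is true, a comment above the block should say so, for example `# IAM user scoped to Lightsail only; rotate together with the sops file`. The `locals` block that decrypts `local.secrets` starts outside this hunk, so whether the plaintext is protected at rest depends on the `encryption` configuration elsewhere in the tree.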
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
vultr:
|
||||
api_key: ENC[AES256_GCM,data:e3ZTVPp/k673qjoHx/ls4HrEv+rYNUsK93DvLbDZwQqZtyrx,iv:jbsJFFV6B+vNXq9AvNWFFnyWoAI+EpZ7olDofFDmd5M=,tag:dCaidJtn1CJka/4lwoVe8g==,type:str]
|
||||
aws:
|
||||
access_key: ENC[AES256_GCM,data:5ShrhBmrpNTGmx711NqLhFXwjXI=,iv:QlSlQgAFA3r6uRmauaPqMLB+cVCLxWZ+6AQKIiFP7tk=,tag:6JceiJdk3YpX+WmtM7Yvnw==,type:str]
|
||||
secret_key: ENC[AES256_GCM,data:dMVwqkGnRkS5iR7zE7dQ6zuVSqCVFBnVI10v6o31K6068I942LyV7A==,iv:g/ZX5xplwRgsSwmy9Wjv6MchEegInAtgQ2aTwyS5p1U=,tag:cvlgeyMKZ+3gv2FrYb7+hA==,type:str]
|
||||
tofu:
|
||||
encryption: ENC[AES256_GCM,data:7+K0SYGOURiEbZ4IrOMJYYVWcSlLqxLv+9lZRUH/cH34qZ7CUt8vsSYP7VyRgCVqFr7sETGj1LPliPjJT2yge9HNbbuUnJ0U3RpLytl7z63nOLeSvUU=,iv:WGrozRmPerQ7iPJAqWmBy9XQ6SnOLrcLLwxdoa1ZIWQ=,tag:rcfNqW57WyVc4U0Iy2MHKA==,type:str]
|
||||
sops:
|
||||
|
@ -17,8 +20,8 @@ sops:
|
|||
WmJlc0piL0s1c3dQd25ibFFZUVRjTzAKNh71/iOviUisewtjmAXmJJdq8KfI4S8X
|
||||
pzEyAoajZIjUfqAnCNxVjxett2bKb2liM/mpO1McOpSRnFe8cOXWMg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-21T16:15:27Z"
|
||||
mac: ENC[AES256_GCM,data:VNoPXECkdYjeig1Aq3MdILIpzlZS8pZrkiMyY5ay6nsmM6XdtwPGjE+veAGcw/qJ/1PHq8N8Wx5hmgFo0pdX2RQSvou+iWeWq26h33iAxUQ10YPA3tgUTlA6aFeTvmiu4YBR9inuKZ48NIk52vJ64PJXVIoKCyFi525y704Mc9g=,iv:YKTKifp6o1AzmzVCFT3PCaVpkBKUR+Q0w0m09IoeRp0=,tag:lOvBJmJy41NjcvkIJADh3Q==,type:str]
|
||||
lastmodified: "2024-09-27T15:04:46Z"
|
||||
mac: ENC[AES256_GCM,data:5lpOT2/uaAkkRfbta3f9pRZekghJtvKhMx2mJRqoRq99yjot/YRe0t0ZFDUdiq2rtbKiHQWZdjG/7yrxcr61cMAoQeDLM5qW9+ri+HmjkhFn0dQ39VN8FzYL4bSYcZWNtMCZbCddcI1GZ2p0wu3KFzXi2jctb/mNp9SPGyW1vvw=,iv:FnloSZ10mT0F0MP5A5QOYfEvW62Z/ipJM6+w8fLZ50U=,tag:dyRyFiZ2xsZcXYE89Zzu/g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -6,6 +6,9 @@ terraform {
|
|||
sops = {
|
||||
source = "registry.terraform.io/carlpett/sops"
|
||||
}
|
||||
aws = {
|
||||
source = "registry.terraform.io/hashicorp/aws"
|
||||
}
|
||||
}
|
||||
|
||||
encryption {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
locals {
|
||||
nodes = {
|
||||
vultr_nodes = {
|
||||
sin0 = {
|
||||
region = "sgp"
|
||||
plan = "vhp-1c-1gb-amd"
|
||||
|
@ -22,7 +22,7 @@ EOT
|
|||
|
||||
module "vultr" {
|
||||
source = "./modules/vultr"
|
||||
for_each = local.nodes
|
||||
for_each = local.vultr_nodes
|
||||
hostname = each.key
|
||||
fqdn = "${each.key}.ny4.dev"
|
||||
region = each.value.region
|
||||
|
|
|
@ -11,38 +11,29 @@ sops:
|
|||
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bTRYdi84N1VrcXhFZzRQ
|
||||
ZGVBV3pMUkxxTjZWcTBEVllhZzJCMkhtaGg4CjZYakRGODhLa3Rkb3lDQy9oVjFV
|
||||
SCtJUGtMcFMybGRIbmhIQUNQQ2I0dGMKLS0tIFAyZURTVFNQZml1d0JGYWZYQS84
|
||||
bnkrVUZvY3YwTVpUZHlzcTFvR1pNbkUKcVP66FDXJFN8tsprjwx7E+eSCb/qCe+F
|
||||
7HxC1Aele3vdu3GpJinArWblpXBoc66P6+5UHHop/O6c4p3dEjrCRQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrcSs1VzlYdHJMTmJwSFZY
|
||||
NnZmODhtV3BIMlZnSXUzYm10blRTNHlFazFvCnB3Rzd0OWFSL1RnK2RIQUxNRFJE
|
||||
TWpKQWphMk9QN0ZSSW5PVjVtUHIwTkUKLS0tIFEzaFFzMDdLZzEyVjZpVngrd3pK
|
||||
dEh0R09lbll2cUhCSFZVMndOSnZKb3cK2AM+t4OkhxZcu7vCecloCgz3JNm4yP9M
|
||||
Vws82MoaIvQYAz54zr2GdgwKMea2Tuoj79eCBmno8vPqaSBApZSlXw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjT2swWFRaZnJyZW5XanNj
|
||||
VUE1OVNCOGRjRytab0g4MDdXRnVXdHIwSkVVCk1CNXlIVkU5WVRBQlg1cmtIS3dy
|
||||
MlkvUzkxTGtWOTBMRWs3MmJPV2tGWEEKLS0tIEl4a0N2NUdscnNlWEc2TmNzNGUr
|
||||
bFNTcHFWU2hlTXBjK0Rha2ZFNTFCcncKyI2b4FGDX3XI0jw9Wj6Skv/VfiFi8Upu
|
||||
HXCUovZqdWZBCtmNIXQSKjjTYizKAoTFK6YFqA8CKzNcRrq3vBRhcw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1T09lb3VTSElNSlRyWnp6
|
||||
YlBSd1BUNkdrNVU2ODhSSitVWjF0V1Fldm1rCmdFODFWanNsS0d1cFdyaGVZc2RB
|
||||
WVl5czJhMSt1eVl5M2JpaS83WUUrYmsKLS0tIHNRMmhCL29KaDRUK3N4SDJmY2l1
|
||||
SGRaVzBMeWRzM0FnaFNEbkY3QnZYS2MKxeMZONqb80Mi/K2X5oaMylyf0JwV7qdE
|
||||
qMNaAW5Xlh/7u0OR7hGsvZ4Rj25e5FH1FVpE7A0foUvjxKo+CweBrw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u7srtfpgf83hesmsvtqdqftl8xrjmmp33mlg0aze6ken866ad55qxmzdqd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsczZ6QVpRQUtqVDhnYjJF
|
||||
dlRnT1pvWXdGaW9Ta1NZODJTTXU3aktrZUcwCm01V1RnR0RCcmZXYkRGN2U0M3k4
|
||||
WnhJbXl3UkNKcEtjaGkzellsUW84aGMKLS0tIEQweVdZTDFMZHlFT21LbDgva0x5
|
||||
NTlFcjArSzhYRzNCMG9EbmR2d1lVaXcKxvQMdsDAVSwStg1cr6sA55bkWIIEdhjj
|
||||
TObLtnZMdXskrcm7vRU8h8JpacTntSkjtQPYd04pBIItRIunE0DJJA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12un5sgwu73ufgtd3e439fttek5yfem3m9twq9p7wx95kakmz3cyq5gm3et
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYnQ3OFZCcmVPTXZ3djBJ
|
||||
NTJvd0pobzh5TzNxN0pneExwcExEQzRSbEVnCjVtTTdRSk85YzVhVDFBWmYrdk0x
|
||||
RHNmUlREOEppWm1OQnR5eENPeFV2UWMKLS0tIGYxZ0RmTGRLaTBCdTkyMXk2MVUr
|
||||
VFFJTFRQWnFFV0MxbWpSUGNyUy83dHcKbl2wtGFCvh4m0/aKGQneWSV3cKdU7AbT
|
||||
11piv6jq54GNdq6QtbuX4MlbOsDO18jm29WZ2sbbHANnU70jyybIIA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0L21QbERYbXhIUjNsNzkw
|
||||
d2NEdXR1Yi9uNjRhUWhnWFpzZVlnM3Y2bkJvCnE3cTNNTlRWYjcwVUVsOXk0WVdH
|
||||
emJkVVhwVEZVWlhubUx1ZTNBaVgwZkEKLS0tIFNQdGZzQmhHdmZoejdOc2ppdUdB
|
||||
TkRJcDRiWHJZLytRclF2bTZMZVZkeUUKxyZiqQBCpdo+9K7zV+SLVjBeLUa01Ux1
|
||||
O60MI3FeblCk0qm6anfn2MPq8VBKjQUt2yVWYEvn0/GEuwMMdvSK9g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-22T05:18:57Z"
|
||||
mac: ENC[AES256_GCM,data:NaA8s3PRyhD9oVQr2DhsjuMVxT97SFwmH7hzRmq9eNXenwAsuJtJLV1MS9O9MW94rQo9aMeA5e//1jodTlkOgznnDoebX1m1cjXD88HMI3+NXu7f509HSlTKMopjst2PpOPGRq3Vt+SPHc9hV363O/rQBXiohCQ1o/YII1PBm1c=,iv:oqIeyit/UeISNrS6M6KZxJnzyk6f07NOa7dPK/VrtyM=,tag:CUEYuuNuvQeFJvat6tOpeQ==,type:str]
|
||||
|
|