infra: import aws into opentofu
parent
ec793dab58
commit
a5ab7d3093
23 changed files with 143 additions and 41 deletions
15
flake.nix
15
flake.nix
|
@ -121,6 +121,7 @@
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
(opentofu.withPlugins (
|
(opentofu.withPlugins (
|
||||||
ps: with ps; [
|
ps: with ps; [
|
||||||
|
aws
|
||||||
vultr
|
vultr
|
||||||
sops
|
sops
|
||||||
]
|
]
|
||||||
|
@ -161,12 +162,6 @@
|
||||||
./nixos/profiles/server
|
./nixos/profiles/server
|
||||||
];
|
];
|
||||||
|
|
||||||
"tyo0" = {
|
|
||||||
imports = [ ./hosts/tyo0 ];
|
|
||||||
deployment.targetHost = "tyo0.ny4.dev";
|
|
||||||
deployment.tags = [ "proxy" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
"pek0" = {
|
"pek0" = {
|
||||||
imports = [ ./hosts/pek0 ];
|
imports = [ ./hosts/pek0 ];
|
||||||
deployment.targetHost = "blacksteel"; # thru tailscale
|
deployment.targetHost = "blacksteel"; # thru tailscale
|
||||||
|
@ -184,9 +179,11 @@
|
||||||
./hosts/vultr/common
|
./hosts/vultr/common
|
||||||
{ networking.hostName = n; }
|
{ networking.hostName = n; }
|
||||||
]
|
]
|
||||||
# TODO: import aws
|
else if (builtins.elem "aws" v.tags) then
|
||||||
else if (builtins.elem "amazon" v.tags) then
|
[
|
||||||
[ ./hosts/amazon/${n} ]
|
./hosts/aws/${n}
|
||||||
|
{ networking.hostName = n; }
|
||||||
|
]
|
||||||
else
|
else
|
||||||
[ ./hosts/${n} ];
|
[ ./hosts/${n} ];
|
||||||
}) data.nodes.value)
|
}) data.nodes.value)
|
||||||
|
|
|
@ -20,11 +20,10 @@
|
||||||
./services/vaultwarden.nix
|
./services/vaultwarden.nix
|
||||||
./services/wastebin.nix
|
./services/wastebin.nix
|
||||||
|
|
||||||
../../nixos/profiles/sing-box-server
|
../../../nixos/profiles/sing-box-server
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
|
boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
|
||||||
networking.hostName = "tyo0";
|
|
||||||
system.stateVersion = "24.05";
|
system.stateVersion = "24.05";
|
||||||
|
|
||||||
swapDevices = lib.singleton {
|
swapDevices = lib.singleton {
|
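--- a/infra/aws.tf
+++ b/infra/aws.tf
@@ -0,0 +1,19 @@
+locals {
+aws_nodes = {
+tyo0 = {
+region = "ap-northeast-1a"
+plan = "micro_3_0"
+tags = ["aws", "proxy"]
+}
+}
+}
+
+module "aws" {
+source = "./modules/aws"
+for_each = local.aws_nodes
+hostname = each.key
+fqdn = "${each.key}.ny4.dev"
+region = each.value.region
+plan = each.value.plan
+tags = each.value.tags
+}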
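Review bot: The `region` key in `local.aws_nodes` holds an availability zone (`"ap-northeast-1a"`), and the module passes it to `availability_zone`, while the real region is fixed separately in the `provider "aws"` block. A node added here for a zone outside `ap-northeast-1` would still go through a provider pointed at that one region. I would rename the key and the module variable to `availability_zone`, or at least add `# availability zone; must lie in the provider's region` next to the value.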
|
@ -23,6 +23,21 @@
|
||||||
"string"
|
"string"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
],
|
||||||
|
"tyo0": [
|
||||||
|
"object",
|
||||||
|
{
|
||||||
|
"fqdn": "string",
|
||||||
|
"ipv4": "string",
|
||||||
|
"ipv6": [
|
||||||
|
"list",
|
||||||
|
"string"
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
"list",
|
||||||
|
"string"
|
||||||
|
]
|
||||||
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
@ -40,6 +55,17 @@
|
||||||
"vultr",
|
"vultr",
|
||||||
"proxy"
|
"proxy"
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
"tyo0": {
|
||||||
|
"fqdn": "tyo0.ny4.dev",
|
||||||
|
"ipv4": "18.177.132.61",
|
||||||
|
"ipv6": [
|
||||||
|
"2406:da14:f1f:2f00:e63f:64a0:7505:7534"
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
"aws",
|
||||||
|
"proxy"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
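--- a/infra/modules/aws/main.tf
+++ b/infra/modules/aws/main.tf
@@ -0,0 +1,58 @@
+variable "hostname" {
+type = string
+}
+
+variable "fqdn" {
+type = string
+}
+
+variable "region" {
+type = string
+}
+
+variable "plan" {
+type = string
+}
+
+variable "tags" {
+type = list(string)
+}
+
+terraform {
+required_providers {
+aws = {
+source = "registry.terraform.io/hashicorp/aws"
+}
+}
+}
+
+resource "aws_lightsail_instance" "server" {
+availability_zone = var.region
+bundle_id = var.plan
+name = var.hostname
+tags = zipmap(var.tags, [for _ in var.tags : null])
+
+blueprint_id = "debian_12" # nixos-anywhere
+ip_address_type = "dualstack"
+lifecycle {
+ignore_changes = [
+name,
+]
+}
+}
+
+output "ipv4" {
+value = aws_lightsail_instance.server.public_ip_address
+}
+
+output "ipv6" {
+value = aws_lightsail_instance.server.ipv6_addresses
+}
+
+output "fqdn" {
+value = var.fqdn
+}
+
+output "tags" {
+value = var.tags
+}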
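Review bot: `aws_lightsail_instance.server` is created with `ip_address_type = "dualstack"`, but the module declares no `aws_lightsail_instance_public_ports`, so the ports this proxy node exposes on IPv4 and IPv6 are not recorded in the configuration and a change made in the console would not show up in a plan. If filtering is meant to happen on the host only, a comment such as `# Lightsail firewall intentionally unmanaged; filtering is done on the host` would say so; otherwise the open ports belong in this module. The `ignore_changes = [name]` entry also deserves a one-line reason, presumably that the imported instance keeps its original name and a rename would force replacement.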
|
@ -1,3 +1,3 @@
|
||||||
output "nodes" {
|
output "nodes" {
|
||||||
value = module.vultr
|
value = merge(module.vultr, module.aws)
|
||||||
}
|
}
|
||||||
|
|
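Review bot: `merge(module.vultr, module.aws)` keeps the last value when both maps contain the same key, so a hostname defined in both `vultr_nodes` and `aws_nodes` would drop the Vultr entry from `nodes` without any error. flake.nix appears to build its host list from this output (`data.nodes.value`), so a collision would also select the wrong host configuration. A comment on the output such as `# hostnames must be unique across providers; merge() lets later maps win` would make the assumption visible.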
|
@ -9,3 +9,9 @@ locals {
|
||||||
provider "vultr" {
|
provider "vultr" {
|
||||||
api_key = local.secrets.vultr.api_key
|
api_key = local.secrets.vultr.api_key
|
||||||
}
|
}
|
||||||
|
|
||||||
|
provider "aws" {
|
||||||
|
region = "ap-northeast-1"
|
||||||
|
access_key = local.secrets.aws.access_key
|
||||||
|
secret_key = local.secrets.aws.secret_key
|
||||||
|
}
|
||||||
|
|
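Review bot: The `provider "aws"` block is configured with a static `access_key`/`secret_key` pair read from the sops file, so a long-lived IAM user key can be decrypted by every age recipient of that file. Nothing in this commit shows what that IAM user is allowed to do; since the module only manages `aws_lightsail_instance`, the key should belong to a user whose policy is limited to the Lightsail actions OpenTofu needs, not an account-wide one. A comment on the block, such as `# IAM user scoped to Lightsail only; rotate the key when a sops recipient is removed`, would record that expectation.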
|
@ -1,5 +1,8 @@
|
||||||
vultr:
|
vultr:
|
||||||
api_key: ENC[AES256_GCM,data:e3ZTVPp/k673qjoHx/ls4HrEv+rYNUsK93DvLbDZwQqZtyrx,iv:jbsJFFV6B+vNXq9AvNWFFnyWoAI+EpZ7olDofFDmd5M=,tag:dCaidJtn1CJka/4lwoVe8g==,type:str]
|
api_key: ENC[AES256_GCM,data:e3ZTVPp/k673qjoHx/ls4HrEv+rYNUsK93DvLbDZwQqZtyrx,iv:jbsJFFV6B+vNXq9AvNWFFnyWoAI+EpZ7olDofFDmd5M=,tag:dCaidJtn1CJka/4lwoVe8g==,type:str]
|
||||||
|
aws:
|
||||||
|
access_key: ENC[AES256_GCM,data:5ShrhBmrpNTGmx711NqLhFXwjXI=,iv:QlSlQgAFA3r6uRmauaPqMLB+cVCLxWZ+6AQKIiFP7tk=,tag:6JceiJdk3YpX+WmtM7Yvnw==,type:str]
|
||||||
|
secret_key: ENC[AES256_GCM,data:dMVwqkGnRkS5iR7zE7dQ6zuVSqCVFBnVI10v6o31K6068I942LyV7A==,iv:g/ZX5xplwRgsSwmy9Wjv6MchEegInAtgQ2aTwyS5p1U=,tag:cvlgeyMKZ+3gv2FrYb7+hA==,type:str]
|
||||||
tofu:
|
tofu:
|
||||||
encryption: ENC[AES256_GCM,data:7+K0SYGOURiEbZ4IrOMJYYVWcSlLqxLv+9lZRUH/cH34qZ7CUt8vsSYP7VyRgCVqFr7sETGj1LPliPjJT2yge9HNbbuUnJ0U3RpLytl7z63nOLeSvUU=,iv:WGrozRmPerQ7iPJAqWmBy9XQ6SnOLrcLLwxdoa1ZIWQ=,tag:rcfNqW57WyVc4U0Iy2MHKA==,type:str]
|
encryption: ENC[AES256_GCM,data:7+K0SYGOURiEbZ4IrOMJYYVWcSlLqxLv+9lZRUH/cH34qZ7CUt8vsSYP7VyRgCVqFr7sETGj1LPliPjJT2yge9HNbbuUnJ0U3RpLytl7z63nOLeSvUU=,iv:WGrozRmPerQ7iPJAqWmBy9XQ6SnOLrcLLwxdoa1ZIWQ=,tag:rcfNqW57WyVc4U0Iy2MHKA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
|
@ -17,8 +20,8 @@ sops:
|
||||||
WmJlc0piL0s1c3dQd25ibFFZUVRjTzAKNh71/iOviUisewtjmAXmJJdq8KfI4S8X
|
WmJlc0piL0s1c3dQd25ibFFZUVRjTzAKNh71/iOviUisewtjmAXmJJdq8KfI4S8X
|
||||||
pzEyAoajZIjUfqAnCNxVjxett2bKb2liM/mpO1McOpSRnFe8cOXWMg==
|
pzEyAoajZIjUfqAnCNxVjxett2bKb2liM/mpO1McOpSRnFe8cOXWMg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-21T16:15:27Z"
|
lastmodified: "2024-09-27T15:04:46Z"
|
||||||
mac: ENC[AES256_GCM,data:VNoPXECkdYjeig1Aq3MdILIpzlZS8pZrkiMyY5ay6nsmM6XdtwPGjE+veAGcw/qJ/1PHq8N8Wx5hmgFo0pdX2RQSvou+iWeWq26h33iAxUQ10YPA3tgUTlA6aFeTvmiu4YBR9inuKZ48NIk52vJ64PJXVIoKCyFi525y704Mc9g=,iv:YKTKifp6o1AzmzVCFT3PCaVpkBKUR+Q0w0m09IoeRp0=,tag:lOvBJmJy41NjcvkIJADh3Q==,type:str]
|
mac: ENC[AES256_GCM,data:5lpOT2/uaAkkRfbta3f9pRZekghJtvKhMx2mJRqoRq99yjot/YRe0t0ZFDUdiq2rtbKiHQWZdjG/7yrxcr61cMAoQeDLM5qW9+ri+HmjkhFn0dQ39VN8FzYL4bSYcZWNtMCZbCddcI1GZ2p0wu3KFzXi2jctb/mNp9SPGyW1vvw=,iv:FnloSZ10mT0F0MP5A5QOYfEvW62Z/ipJM6+w8fLZ50U=,tag:dyRyFiZ2xsZcXYE89Zzu/g==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.0
|
||||||
|
|
File diff suppressed because one or more lines are too long
|
@ -6,6 +6,9 @@ terraform {
|
||||||
sops = {
|
sops = {
|
||||||
source = "registry.terraform.io/carlpett/sops"
|
source = "registry.terraform.io/carlpett/sops"
|
||||||
}
|
}
|
||||||
|
aws = {
|
||||||
|
source = "registry.terraform.io/hashicorp/aws"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
encryption {
|
encryption {
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
locals {
|
locals {
|
||||||
nodes = {
|
vultr_nodes = {
|
||||||
sin0 = {
|
sin0 = {
|
||||||
region = "sgp"
|
region = "sgp"
|
||||||
plan = "vhp-1c-1gb-amd"
|
plan = "vhp-1c-1gb-amd"
|
||||||
|
@ -22,7 +22,7 @@ EOT
|
||||||
|
|
||||||
module "vultr" {
|
module "vultr" {
|
||||||
source = "./modules/vultr"
|
source = "./modules/vultr"
|
||||||
for_each = local.nodes
|
for_each = local.vultr_nodes
|
||||||
hostname = each.key
|
hostname = each.key
|
||||||
fqdn = "${each.key}.ny4.dev"
|
fqdn = "${each.key}.ny4.dev"
|
||||||
region = each.value.region
|
region = each.value.region
|
||||||
|
|
|
@ -11,38 +11,29 @@ sops:
|
||||||
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bTRYdi84N1VrcXhFZzRQ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrcSs1VzlYdHJMTmJwSFZY
|
||||||
ZGVBV3pMUkxxTjZWcTBEVllhZzJCMkhtaGg4CjZYakRGODhLa3Rkb3lDQy9oVjFV
|
NnZmODhtV3BIMlZnSXUzYm10blRTNHlFazFvCnB3Rzd0OWFSL1RnK2RIQUxNRFJE
|
||||||
SCtJUGtMcFMybGRIbmhIQUNQQ2I0dGMKLS0tIFAyZURTVFNQZml1d0JGYWZYQS84
|
TWpKQWphMk9QN0ZSSW5PVjVtUHIwTkUKLS0tIFEzaFFzMDdLZzEyVjZpVngrd3pK
|
||||||
bnkrVUZvY3YwTVpUZHlzcTFvR1pNbkUKcVP66FDXJFN8tsprjwx7E+eSCb/qCe+F
|
dEh0R09lbll2cUhCSFZVMndOSnZKb3cK2AM+t4OkhxZcu7vCecloCgz3JNm4yP9M
|
||||||
7HxC1Aele3vdu3GpJinArWblpXBoc66P6+5UHHop/O6c4p3dEjrCRQ==
|
Vws82MoaIvQYAz54zr2GdgwKMea2Tuoj79eCBmno8vPqaSBApZSlXw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
|
- recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjT2swWFRaZnJyZW5XanNj
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1T09lb3VTSElNSlRyWnp6
|
||||||
VUE1OVNCOGRjRytab0g4MDdXRnVXdHIwSkVVCk1CNXlIVkU5WVRBQlg1cmtIS3dy
|
YlBSd1BUNkdrNVU2ODhSSitVWjF0V1Fldm1rCmdFODFWanNsS0d1cFdyaGVZc2RB
|
||||||
MlkvUzkxTGtWOTBMRWs3MmJPV2tGWEEKLS0tIEl4a0N2NUdscnNlWEc2TmNzNGUr
|
WVl5czJhMSt1eVl5M2JpaS83WUUrYmsKLS0tIHNRMmhCL29KaDRUK3N4SDJmY2l1
|
||||||
bFNTcHFWU2hlTXBjK0Rha2ZFNTFCcncKyI2b4FGDX3XI0jw9Wj6Skv/VfiFi8Upu
|
SGRaVzBMeWRzM0FnaFNEbkY3QnZYS2MKxeMZONqb80Mi/K2X5oaMylyf0JwV7qdE
|
||||||
HXCUovZqdWZBCtmNIXQSKjjTYizKAoTFK6YFqA8CKzNcRrq3vBRhcw==
|
qMNaAW5Xlh/7u0OR7hGsvZ4Rj25e5FH1FVpE7A0foUvjxKo+CweBrw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1u7srtfpgf83hesmsvtqdqftl8xrjmmp33mlg0aze6ken866ad55qxmzdqd
|
- recipient: age1u7srtfpgf83hesmsvtqdqftl8xrjmmp33mlg0aze6ken866ad55qxmzdqd
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsczZ6QVpRQUtqVDhnYjJF
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0L21QbERYbXhIUjNsNzkw
|
||||||
dlRnT1pvWXdGaW9Ta1NZODJTTXU3aktrZUcwCm01V1RnR0RCcmZXYkRGN2U0M3k4
|
d2NEdXR1Yi9uNjRhUWhnWFpzZVlnM3Y2bkJvCnE3cTNNTlRWYjcwVUVsOXk0WVdH
|
||||||
WnhJbXl3UkNKcEtjaGkzellsUW84aGMKLS0tIEQweVdZTDFMZHlFT21LbDgva0x5
|
emJkVVhwVEZVWlhubUx1ZTNBaVgwZkEKLS0tIFNQdGZzQmhHdmZoejdOc2ppdUdB
|
||||||
NTlFcjArSzhYRzNCMG9EbmR2d1lVaXcKxvQMdsDAVSwStg1cr6sA55bkWIIEdhjj
|
TkRJcDRiWHJZLytRclF2bTZMZVZkeUUKxyZiqQBCpdo+9K7zV+SLVjBeLUa01Ux1
|
||||||
TObLtnZMdXskrcm7vRU8h8JpacTntSkjtQPYd04pBIItRIunE0DJJA==
|
O60MI3FeblCk0qm6anfn2MPq8VBKjQUt2yVWYEvn0/GEuwMMdvSK9g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age12un5sgwu73ufgtd3e439fttek5yfem3m9twq9p7wx95kakmz3cyq5gm3et
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYnQ3OFZCcmVPTXZ3djBJ
|
|
||||||
NTJvd0pobzh5TzNxN0pneExwcExEQzRSbEVnCjVtTTdRSk85YzVhVDFBWmYrdk0x
|
|
||||||
RHNmUlREOEppWm1OQnR5eENPeFV2UWMKLS0tIGYxZ0RmTGRLaTBCdTkyMXk2MVUr
|
|
||||||
VFFJTFRQWnFFV0MxbWpSUGNyUy83dHcKbl2wtGFCvh4m0/aKGQneWSV3cKdU7AbT
|
|
||||||
11piv6jq54GNdq6QtbuX4MlbOsDO18jm29WZ2sbbHANnU70jyybIIA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-22T05:18:57Z"
|
lastmodified: "2024-09-22T05:18:57Z"
|
||||||
mac: ENC[AES256_GCM,data:NaA8s3PRyhD9oVQr2DhsjuMVxT97SFwmH7hzRmq9eNXenwAsuJtJLV1MS9O9MW94rQo9aMeA5e//1jodTlkOgznnDoebX1m1cjXD88HMI3+NXu7f509HSlTKMopjst2PpOPGRq3Vt+SPHc9hV363O/rQBXiohCQ1o/YII1PBm1c=,iv:oqIeyit/UeISNrS6M6KZxJnzyk6f07NOa7dPK/VrtyM=,tag:CUEYuuNuvQeFJvat6tOpeQ==,type:str]
|
mac: ENC[AES256_GCM,data:NaA8s3PRyhD9oVQr2DhsjuMVxT97SFwmH7hzRmq9eNXenwAsuJtJLV1MS9O9MW94rQo9aMeA5e//1jodTlkOgznnDoebX1m1cjXD88HMI3+NXu7f509HSlTKMopjst2PpOPGRq3Vt+SPHc9hV363O/rQBXiohCQ1o/YII1PBm1c=,iv:oqIeyit/UeISNrS6M6KZxJnzyk6f07NOa7dPK/VrtyM=,tag:CUEYuuNuvQeFJvat6tOpeQ==,type:str]
|
||||||
|
|
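Review bot: This section removes the recipient `age12un5sgwu73ufgtd3e439fttek5yfem3m9twq9p7wx95kakmz3cyq5gm3et` and re-wraps the data key for the three remaining recipients, but `lastmodified` and `mac` are unchanged, which suggests the encrypted values themselves were not touched. The holder of the removed key can still decrypt the previous revision from history, and that revision would then contain the same secrets. If that key belonged to a host that has been rebuilt or is no longer trusted, the data key should be rotated and the secrets in this file reissued, not only the recipient list updated.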