made s3 buckets work
parent
de8a334588
commit
cea37fb8ca
13 changed files with 76 additions and 103 deletions
|
@ -1308,11 +1308,11 @@
|
|||
"secrets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1703323989,
|
||||
"narHash": "sha256-YC2itrHIVrg1TazWnsuZ51BBYD3HJMFKONgh9RWn5Qk=",
|
||||
"lastModified": 1704582381,
|
||||
"narHash": "sha256-GC56ZF7qAtRqxF/SchmlVN86mA4BMwRFRz411utqUvc=",
|
||||
"ref": "main",
|
||||
"rev": "23c91088d677f3f1e7d21bb1a8afd4f729d1e030",
|
||||
"revCount": 61,
|
||||
"rev": "cd333595c000cd2b1cbce7b2a6027fd6c3f07769",
|
||||
"revCount": 62,
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git"
|
||||
},
|
||||
|
|
|
@ -48,6 +48,7 @@ with lib;
|
|||
locations."/" = {
|
||||
root = pkgs.landingpage.override {
|
||||
jsonConfig = [
|
||||
{ title = config.networking.hostName; }
|
||||
{ title = "System Links"; }
|
||||
{
|
||||
text = "Syncthings";
|
||||
|
|
|
@ -40,6 +40,7 @@ let
|
|||
"loki.chungus" = hosts.chungus;
|
||||
"prometheus.chungus" = hosts.chungus;
|
||||
"s3.chungus" = hosts.chungus;
|
||||
"minio.chungus" = hosts.chungus;
|
||||
"sync.chungus" = hosts.chungus;
|
||||
"tdarr.chungus" = hosts.chungus;
|
||||
"trilium.chungus" = hosts.chungus;
|
||||
|
|
|
@ -13,6 +13,10 @@ with lib;
|
|||
units
|
||||
|
||||
parallel
|
||||
|
||||
wget
|
||||
curl
|
||||
|
||||
];
|
||||
}
|
||||
(mkIf config.gui.enable {
|
||||
|
|
|
@ -3,11 +3,21 @@
|
|||
services.minio = {
|
||||
enable = true;
|
||||
region = "home";
|
||||
rootCredentialsFile = config.sops.secrets.minioRootCredentials.path;
|
||||
};
|
||||
|
||||
sops.secrets.minioRootCredentials = { };
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."s3.${config.networking.hostName}.private" = {
|
||||
locations."/" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://localhost:9000";
|
||||
};
|
||||
};
|
||||
virtualHosts."minio.${config.networking.hostName}.private" = {
|
||||
locations."/" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyWebsockets = true;
|
||||
|
|
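Review bot: The `s3.${config.networking.hostName}.private` virtual host proxies to `http://localhost:9000` with no TLS option in the lines shown, and the Terraform backend added in this commit reaches it over `http://`, so signed S3 requests and state contents cross the network in cleartext. Unless the `.private` network is already an encrypted overlay, consider adding `forceSSL = true;` together with a certificate (`useACMEHost`, or `sslCertificate`/`sslCertificateKey`) to both virtual hosts. The body of the `minio.` virtual host continues past the end of the hunk, so its `proxyPass` target is not visible here.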
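--- a/terraform/terranix.org/targets/namecheap/__backend.tf
+++ b/terraform/terranix.org/targets/namecheap/__backend.tf
@@ -0,0 +1,18 @@
+# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
+terraform {
+backend "s3" {
+bucket = "terraform-state-terranix-website"
+encrypt = false
+endpoint = "http://s3.chungus.private"
+force_path_style = true
+iam_endpoint = "http://s3.chungus.private"
+key = "namecheap/terraform.tfstate"
+region = "home"
+skip_credentials_validation = true
+skip_metadata_api_check = true
+skip_region_validation = true
+skip_requesting_account_id = true
+skip_s3_checksum = true
+sts_endpoint = "http://s3.chunugs.private"
+}
+}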
@ -1,4 +1,8 @@
|
|||
|
||||
include {
|
||||
path = find_in_parent_folders()
|
||||
}
|
||||
|
||||
inputs = {
|
||||
namecheap_user = run_cmd("--terragrunt-quiet", "pass", "show", "development/namecheap.com/username")
|
||||
namecheap_api_key = run_cmd("--terragrunt-quiet", "pass", "show", "development/namecheap.com/api-key")
|
||||
|
@ -24,7 +28,7 @@ provider "namecheap" {
|
|||
api_key = var.namecheap_api_key
|
||||
}
|
||||
|
||||
variable "namecheap_user" { }
|
||||
variable "namecheap_api_key" { }
|
||||
variable "namecheap_user" {}
|
||||
variable "namecheap_api_key" {}
|
||||
EOF
|
||||
}
|
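Review bot: `variable "namecheap_api_key" {}` declares the API key with no type and no `sensitive` flag, so Terraform is free to print its value in plan or error output. Since these two declarations are being touched anyway, consider giving the block the arguments `type = string` and `sensitive = true` (and `type = string` for `namecheap_user`). The heredoc these lines sit in starts outside the hunk, so the Terraform version in use is not visible; `sensitive` needs Terraform 0.14 or newer.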
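--- a/terraform/terranix.org/targets/terragrunt.hcl
+++ b/terraform/terranix.org/targets/terragrunt.hcl
@@ -0,0 +1,31 @@
+
+remote_state {
+backend = "s3"
+generate = {
+path = "__backend.tf"
+if_exists = "overwrite"
+}
+config = {
+bucket = "terraform-state-terranix-website"
+key = "${path_relative_to_include()}/terraform.tfstate"
+region = "home"
+encrypt = false
+
+endpoint = "http://s3.chungus.private"
+iam_endpoint = "http://s3.chungus.private"
+sts_endpoint = "http://s3.chunugs.private"
+
+force_path_style = true
+enable_lock_table_ssencryption = false
+skip_s3_checksum = true
+skip_bucket_public_access_blocking = true
+skip_bucket_enforced_tls = true
+skip_credentials_validation = true
+skip_bucket_root_access = true # use only if the AWS account root user should not have access to the remote state bucket for some reason
+skip_bucket_versioning = true # use only if the object store does not support versioning
+skip_bucket_ssencryption = true # use only if non-encrypted Terraform State is required and/or the object store does not support server-side encryption
+skip_metadata_api_check = true
+skip_region_validation = true
+skip_requesting_account_id = true
+}
+}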
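Review bot: `sts_endpoint = "http://s3.chunugs.private"` misspells the host (`chunugs` for `chungus`); it should read `sts_endpoint = "http://s3.chungus.private"`, and the committed, generated `namecheap/__backend.tf` carries the same typo until it is regenerated. The mistake is probably masked today because `skip_credentials_validation` and `skip_requesting_account_id` avoid the STS call, so it would only surface when one of those is switched off. Separately, every endpoint is `http://` while `encrypt = false`, `skip_bucket_ssencryption`, `skip_bucket_enforced_tls` and `skip_bucket_versioning` are all set, and no lock table appears in the lines shown. Terraform state commonly holds secrets in plaintext, so this leaves it unencrypted in transit and at rest, with no version history and no locking against concurrent applies. Once the proxy serves TLS, switch to `endpoint = "https://s3.chungus.private"` and drop the skip flags the object store does not actually need.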
@ -1,48 +0,0 @@
|
|||
{ pkgs, lib, ... }:
|
||||
let
|
||||
hcloud-modules = pkgs.fetchgit {
|
||||
url = "https://github.com/mrVanDalo/terranix-hcloud.git";
|
||||
rev = "5fa359a482892cd973dcc6ecfc607f4709f24495";
|
||||
sha256 = "0smgmdiklj98y71fmcdjsqjq8l41i66hs8msc7k4m9dpkphqk86p";
|
||||
};
|
||||
|
||||
#nixosInfect = pkgs.fetchgit {
|
||||
# "url" = "https://github.com/elitak/nixos-infect.git";
|
||||
# rev = "928f9e5e1d63e77a91f2ca57ffa2be1fef3078ec";
|
||||
#sha256 = "0rs84c549l863vbnnqgnx7v6m2zlq0wz46jbhm4v1l1a25d966s1";
|
||||
#};
|
||||
in
|
||||
{
|
||||
imports = [ (toString hcloud-modules) ];
|
||||
|
||||
# configure admin ssh keys
|
||||
users.admins.palo.publicKey =
|
||||
"ssh-rsa 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 cardno:000611343142";
|
||||
|
||||
users.admins.terranix.publicKey = "${lib.fileContents ./sshkey.pub}";
|
||||
|
||||
# configure provisioning private Key to be used when running provisioning on the machines
|
||||
provisioner.privateKeyFile = toString ./sshkey;
|
||||
|
||||
hcloud.nixserver = {
|
||||
playground = {
|
||||
enable = true;
|
||||
channel = "nixos-20.09";
|
||||
provisioners = [
|
||||
#{
|
||||
# file.source = "${nixosInfect}/nixos-infect";
|
||||
# file.destination = "/root/nixos-infect";
|
||||
#}
|
||||
{
|
||||
file.source = "${toString ./../../images/translate-setup}";
|
||||
file.destination = "/root/translate-setup";
|
||||
}
|
||||
];
|
||||
configurationFile = pkgs.writeText "configuration.nix" ''
|
||||
{ pkgs, lib, config, ... }:
|
||||
{ environment.systemPackages = [ pkgs.git ]; }
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -1,48 +0,0 @@
|
|||
{ pkgs ? import <nixpkgs> { } }:
|
||||
let
|
||||
terranix = pkgs.callPackage
|
||||
(pkgs.fetchgit {
|
||||
url = "https://github.com/mrVanDalo/terranix.git";
|
||||
rev = "2.3.0";
|
||||
sha256 = "030067h3gjc02llaa7rx5iml0ikvw6szadm0nrss2sqzshsfimm4";
|
||||
})
|
||||
{ };
|
||||
|
||||
terraform = pkgs.writers.writeBashBin "terraform" ''
|
||||
export TF_VAR_hcloud_api_token=`${pkgs.pass}/bin/pass development/hetzner.com/api-token`
|
||||
${pkgs.terraform_0_12}/bin/terraform "$@"
|
||||
'';
|
||||
|
||||
in
|
||||
pkgs.mkShell {
|
||||
|
||||
buildInputs = [
|
||||
|
||||
terranix
|
||||
terraform
|
||||
|
||||
(pkgs.writers.writeBashBin "prepare" ''
|
||||
set -e
|
||||
set -o pipefail
|
||||
${pkgs.openssh}/bin/ssh-keygen -P "" -f ${toString ./.}/sshkey
|
||||
'')
|
||||
|
||||
(pkgs.writers.writeBashBin "build" ''
|
||||
set -e
|
||||
set -o pipefail
|
||||
${terranix}/bin/terranix | ${pkgs.jq}/bin/jq '.' > config.tf.json
|
||||
${terraform}/bin/terraform init
|
||||
${terraform}/bin/terraform apply
|
||||
'')
|
||||
|
||||
(pkgs.writers.writeBashBin "cleanup" ''
|
||||
${terraform}/bin/terraform destroy
|
||||
rm ${toString ./.}/config.tf.json
|
||||
rm ${toString ./.}/sshkey
|
||||
rm ${toString ./.}/sshkey.pub
|
||||
rm ${toString ./.}/terraform.tfstate*
|
||||
'')
|
||||
|
||||
];
|
||||
|
||||
}
|