various updates

This commit is contained in:
Jörg Thalheim 2024-02-09 11:54:32 +01:00
parent e0f1dbc89e
commit 4de82d7a89
11 changed files with 45 additions and 48 deletions

View File

@ -2,8 +2,5 @@
export GITLAB_USER=<your-gitlab-username> export GITLAB_USER=<your-gitlab-username>
export GITLAB_TOKEN=<your-gitlab-token> export GITLAB_TOKEN=<your-gitlab-token>
# https://app.netlify.com/user/applications#personal-access-tokens
export NETLIFY_TOKEN=<your-netlify-token>
# https://console.hetzner.cloud/projects/2356507/security/tokens # https://console.hetzner.cloud/projects/2356507/security/tokens
export HCLOUD_TOKEN=<your-hetzner-token> export HCLOUD_TOKEN=<your-hetzner-token>

View File

@ -45,16 +45,19 @@
}; };
packages.default = packages.default =
pkgs.mkShell { pkgs.mkShell {
packages = [ packages =
let
halalify = drv: drv.overrideAttrs (_old: { meta = _old.meta // { license = lib.licenses.free; }; });
in
[
pkgs.bashInteractive pkgs.bashInteractive
pkgs.sops pkgs.sops
(pkgs.opentofu.withPlugins (p: [ (halalify (pkgs.terraform.withPlugins (p: [
p.netlify
p.hcloud p.hcloud
p.null p.null
p.external p.external
p.local p.local
])) ])))
]; ];
}; };

View File

@ -55,8 +55,8 @@ in
}; # Github login }; # Github login
extensions.ConfirmEdit = null; # Combat SPAM with a simple Captcha extensions.ConfirmEdit = null; # Combat SPAM with a simple Captcha
extensions.StopForumSpam = pkgs.fetchzip { extensions.StopForumSpam = pkgs.fetchzip {
url = "https://extdist.wmflabs.org/dist/extensions/StopForumSpam-REL1_41-0abdc44.tar.gz"; url = "https://extdist.wmflabs.org/dist/extensions/StopForumSpam-REL1_41-73c94fb.tar.gz";
hash = "sha256-FLaL8ztlJtUPh76/3WCFPKuH2+gjz1paaWWZ8pu66hA="; hash = "sha256-UVRKDqgg4abj5gnbx8fytkkOeEwC+o68SEYlG4WFrcU=";
}; };
extraConfig = '' extraConfig = ''

View File

@ -1 +0,0 @@
../staging.nixos-wiki.thalheim.io/apply.sh

7
targets/admins/apply.sh Executable file
View File

@ -0,0 +1,7 @@
#!/usr/bin/env bash
set -euo pipefail
rm -f .terraform.lock.hcl
terraform init -backend-config="password=$GITLAB_TOKEN" -backend-config="username=$GITLAB_USER"
terraform apply

View File

@ -10,7 +10,7 @@ terraform {
} }
module "wiki" { module "wiki" {
source = "../../modules/admins" source = "../../terraform/admins"
ssh_keys = { ssh_keys = {
mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine" mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
julien = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma" julien = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"

View File

@ -1 +1 @@
{"ipv6_address":"2a01:4f9:c012:afb9::1","ssh_keys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"]} {"ipv6_address":"2a01:4f9:c012:4fe3::1","ssh_keys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"]}

View File

@ -1,8 +1,8 @@
terraform { terraform {
backend "http" { backend "http" {
address = "https://gitlab.com/api/v4/projects/45776186/terraform/state/nixos-wiki2.thalheim.io" address = "https://gitlab.com/api/v4/projects/54760013/terraform/state/nixos-wiki2.thalheim.io"
lock_address = "https://gitlab.com/api/v4/projects/45776186/terraform/state/nixos-wiki2.thalheim.io/lock" lock_address = "https://gitlab.com/api/v4/projects/54760013/terraform/state/nixos-wiki2.thalheim.io/lock"
unlock_address = "https://gitlab.com/api/v4/projects/45776186/terraform/state/nixos-wiki2.thalheim.io/lock" unlock_address = "https://gitlab.com/api/v4/projects/54760013/terraform/state/nixos-wiki2.thalheim.io/lock"
lock_method = "POST" lock_method = "POST"
unlock_method = "DELETE" unlock_method = "DELETE"
retry_wait_min = "5" retry_wait_min = "5"
@ -11,7 +11,6 @@ terraform {
module "wiki" { module "wiki" {
source = "../../terraform/nixos-wiki" source = "../../terraform/nixos-wiki"
netlify_dns_zone = "nixos-wiki2.thalheim.io"
domain = "nixos-wiki2.thalheim.io" domain = "nixos-wiki2.thalheim.io"
nixos_flake_attr = "nixos-wiki2-thalheim-io" nixos_flake_attr = "nixos-wiki2-thalheim-io"
nixos_vars_file = "${path.module}/nixos-vars.json" nixos_vars_file = "${path.module}/nixos-vars.json"
@ -21,3 +20,11 @@ module "wiki" {
Target = "nixos-wiki2.thalheim.io" Target = "nixos-wiki2.thalheim.io"
} }
} }
output "ipv4_address" {
value = module.wiki.ipv4_address
}
output "ipv6_address" {
value = module.wiki.ipv6_address
}

View File

@ -1,18 +0,0 @@
resource "netlify_dns_zone" "nixos" {
site_id = ""
name = var.netlify_dns_zone
}
resource "netlify_dns_record" "nixos_wiki_a" {
zone_id = netlify_dns_zone.nixos.id
hostname = var.domain
type = "A"
value = hcloud_server.nixos_wiki.ipv4_address
}
resource "netlify_dns_record" "nixos_wiki_aaaa" {
zone_id = netlify_dns_zone.nixos.id
hostname = var.domain
type = "AAAA"
value = hcloud_server.nixos_wiki.ipv6_address
}

View File

@ -41,3 +41,11 @@ locals {
ssh_keys = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.public_key ssh_keys = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.public_key
} }
} }
output "ipv4_address" {
value = hcloud_server.nixos_wiki.ipv4_address
}
output "ipv6_address" {
value = hcloud_server.nixos_wiki.ipv6_address
}

View File

@ -1,6 +1,5 @@
terraform { terraform {
required_providers { required_providers {
netlify = { source = "AegirHealth/netlify" }
hcloud = { source = "hetznercloud/hcloud" } hcloud = { source = "hetznercloud/hcloud" }
local = { source = "hashicorp/local" } local = { source = "hashicorp/local" }
} }

View File

@ -1,6 +1,6 @@
variable "server_type" { variable "server_type" {
type = string type = string
default = "cx21" default = "cpx21"
description = "Hetzner cloud server type" description = "Hetzner cloud server type"
} }
@ -10,11 +10,6 @@ variable "server_location" {
description = "Hetzner cloud server location" description = "Hetzner cloud server location"
} }
variable "netlify_dns_zone" {
type = string
description = "Netlify DNS zone"
}
variable "nixos_vars_file" { variable "nixos_vars_file" {
type = string type = string
description = "File to write NixOS configuration variables to" description = "File to write NixOS configuration variables to"