diff --git a/.gitignore b/.gitignore index 3aadde7..d0bab2d 100644 --- a/.gitignore +++ b/.gitignore @@ -90,8 +90,12 @@ terraform.rc id_ed25519* tfplan output.json +inputs.tfvars # Nix .env* result *.qcow2 + +# Magalu CLI +mgc_cli diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl new file mode 100644 index 0000000..e9c9744 --- /dev/null +++ b/.terraform.lock.hcl 
@@ -0,0 +1,86 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/hashicorp/external" { + version = "2.3.4" + hashes = [ + "h1:saRbzhRhYh4urj+ARe8vIB0mlRspy6E/fPSyvwqjUW8=", + "zh:0e5eb3513d6ad5cc3196799a6e413c6a9c0b642ba6d8f84fc11efa48f58358a4", + "zh:1658beae42b4614d4009a3191710c86571ccf1dc526c4bac520a87ab701dd2e9", + "zh:28d937c13e90c170fc1e4b726a9bcf113aade53b95b3eccd335cd9eaba8acff5", + "zh:2ac19917bb83233f24391d4cbaf301bb6ec14013d3b7f93bdf64823280622daa", + "zh:3263d1808fc5252d586a9aa98d89086c912f53e1a3dc43bc5306364b358f04fa", + "zh:463469836637342495e22a936ef9ab3c8ab2fb47eb0fae09c346d63f3331af59", + "zh:53398a27492cd11f61b2f24c2601c12f50c39da32b90fd25aed7011a1e25a225", + "zh:5a44cfbcef52fd3c970144a69a934cab320bd3bb57939ae4682fc516783e2996", + "zh:65edb579d9d0dac42e77728d81da6e85ea30d3fe8f2cb6e5db82602ee8afa17e", + "zh:f2edd3027b7ae0d31a690fd5dcdcd22b467b4f1e045f84f2bc88289353ef9a5b", + ] +} + +provider "registry.opentofu.org/hashicorp/local" { + version = "2.5.2" + hashes = [ + "h1:6lS+5A/4WFAqY3/RHWFRBSiFVLPRjvLaUgxPQvjXLHU=", + "zh:25b95b76ceaa62b5c95f6de2fa6e6242edbf51e7fc6c057b7f7101aa4081f64f", + "zh:3c974fdf6b42ca6f93309cf50951f345bfc5726ec6013b8832bcd3be0eb3429e", + "zh:5de843bf6d903f5cca97ce1061e2e06b6441985c68d013eabd738a9e4b828278", + "zh:86beead37c7b4f149a54d2ae633c99ff92159c748acea93ff0f3603d6b4c9f4f", + "zh:8e52e81d3dc50c3f79305d257da7fde7af634fed65e6ab5b8e214166784a720e", + "zh:9882f444c087c69559873b2d72eec406a40ede21acb5ac334d6563bf3a2387df", + "zh:a4484193d110da4a06c7bffc44cc6b61d3b5e881cd51df2a83fdda1a36ea25d2", + "zh:a53342426d173e29d8ee3106cb68abecdf4be301a3f6589e4e8d42015befa7da", + "zh:d25ef2aef6a9004363fc6db80305d30673fc1f7dd0b980d41d863b12dacd382a", + "zh:fa2d522fb323e2121f65b79709fd596514b293d816a1d969af8f72d108888e4c", + ] +} + +provider "registry.opentofu.org/hashicorp/null" { + version = "3.2.3" + hashes = [ + 
"h1:LF8arSzHfhbyQSFtTMTYEqCM34klzrbAQBJMHYCs9d8=", + "zh:1d57d25084effd3fdfd902eca00020b34b1fb020253b84d7dd471301606015ac", + "zh:65b7f9799b88464d9c2ec529713b7f52ea744275b61a8dc86cdedab1b2dcb933", + "zh:80d3e9c95b7b4ae7c54005cd127cae82e5c53d2b7023ef24c147337bac9dadd9", + "zh:841b60c07683e4bf456799ccd718896fdafdcc2c49252ae09967f2e74d8c8a03", + "zh:8fa1c592a9c78222e35713c6edb3f1f818a4c6f3524a30a209f0a7e919827b68", + "zh:bb795cc1429e09466840c09d39a28edf1db5070b1ec76822fc1173906a264572", + "zh:da1784818a89bea29dfe660632f0060a7a843e4e564d74435fbeca002b0f7d2a", + "zh:f409bf21b1cdaa6dac47cd79806f3d93f67e9507fe4dbf33b0165335f53bc2e1", + "zh:fbea7a1ff84b430ba9594698e93196d81d03e4036de3d1cafccb2a96d5b38581", + "zh:fbf0c84663a7e85881388d7d71ac862184f05fbf2d17ecf76bc5d3d7503ea260", + ] +} + +provider "registry.opentofu.org/hashicorp/tls" { + version = "4.0.6" + hashes = [ + "h1:EJoUGDo7L52Iu22cA1KCndJ9B1Rrfd75wyZzsScEnc0=", + "zh:4b53b372767e5068d9bbfc89199201c1ae4283dde2f0c301974f8abb4215791f", + "zh:5b4c308bd074c6d0bd560220e6ee10a9859ca9a1f29a59367b0477a740ff265e", + "zh:674dd6bc85597677e160ee601d88b21c5a974759a658769812d2904bd94bc042", + "zh:6ccc1c448349b56677ba66112aec7e0a58eb827f66209ca5f4077b81cce240fb", + "zh:8aa6e13a5d722b74230937ea21e8b4994e53340d95b5691cf6cf3518b9f38e6e", + "zh:8b27e55e4c7fa887774860113b95c8f7f68804b002fa47f0eb8e3a485997287e", + "zh:a430b5a3e8753d8f61784de49e538ac4abed19fb665fccd8a10b55402fe9f076", + "zh:b07c978c335ae9fc12f9c221629610775e4ae36691ed4e7ba258d275dd58a243", + "zh:bbec8cb1efc84ee3026c793956a4a4cd0ece20b89d2d4f7d954c68e7f6d596d0", + "zh:e684e247424188dc3b500a543b1a8046d1c0ec08c2a90aedca0c4f6bb56bedbd", + ] +} + +provider "registry.terraform.io/magalucloud/mgc" { + version = "0.30.0" + hashes = [ + "h1:Yaf3g/iWyGV3MyIYI6ew0RwXpHYvm7WKmATxUsjRnDY=", + "zh:084c3169b47883baded6bb817a008342ffb6a3dc4344c85341c51270cb9ae92f", + "zh:18e8fa4e6d339ae8e20e033b4435afb459b2c187af741cf2184d3b88d6c413a8", + 
"zh:6a07ecb7ddc52f6ade2f4429466f0453014d6671cd3e99c8a7fadf618594a8ed", + "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", + "zh:8db7908bb973c9e4fc3bffe4cdfabdc601160607fcbc93a86f5939ac9d8c4912", + "zh:aabf0889433df33c5fd85fccc551128730536087d12cdab1a97ebc4e1ea20299", + "zh:b7c7ec3c762cc43c0a99a8163bb7e32fcb59e688fe89e36c44d838980c80becf", + "zh:c542846a70d435605a826005ab1fb98bdba32dafc2cf5d14e707e50ff8f6a5c5", + "zh:cc5fe9366ae27348583f8b3fc9c4ec020e4ced41319af1073ab7ebdecd4600be", + ] +} diff --git a/configuration.nix b/configuration.nix index 1901155..f4d5dda 100644 --- a/configuration.nix +++ b/configuration.nix @@ -6,7 +6,7 @@ ]; # Nix configuration - nix.settings.trusted-users = ["@wheel"]; + nix.settings.trusted-users = [ "@wheel" ]; nix = { package = pkgs.nixVersions.stable; extraOptions = '' diff --git a/flake.nix b/flake.nix index 2f8fe9f..0e9769f 100644 --- a/flake.nix +++ b/flake.nix @@ -40,17 +40,16 @@ # Modules bootstrap = [ - ./modules/configuration.nix + ./configuration.nix ./modules/extras.nix ./modules/networking.nix ./modules/users.nix ]; cloud = [ - ./configuration.nix + ./modules/erlang.nix ./modules/nginx.nix ./modules/postgres.nix - ./modules/secrets.nix ] ++ bootstrap; # Qemu Setup diff --git a/hardware-configuration.nix b/hardware-configuration.nix index af68635..8743fbb 100644 --- a/hardware-configuration.nix +++ b/hardware-configuration.nix @@ -1,9 +1,13 @@ -{modulesPath, ...}: { - imports = [(modulesPath + "/profiles/qemu-guest.nix")]; +{ modulesPath, ... }: +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot = { - initrd.availableKernelModules = ["ata_piix" "uhci_hcd"]; - kernelModules = ["kvm-intel"]; + initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + ]; + kernelModules = [ "kvm-intel" ]; }; zramSwap.enable = true; diff --git a/justfile b/justfile index 99a0713..8dd1e85 100644 --- a/justfile +++ b/justfile 
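Review bot: `./modules/secrets.nix` is removed from the `cloud` list in flake.nix with no replacement visible in this diff, while the justfile's `rekey` recipe still re-encrypts with agenix. If `nginx.nix`, `postgres.nix` or the new `erlang.nix` reference secrets that module declared, the `cloud` configuration would either fail to evaluate or start services without their credentials; none of those modules is shown here, so this needs confirming. A one-line comment above `cloud` recording where secrets now come from would help, e.g. `# secrets: <mechanism> (modules/secrets.nix removed)`. The surrounding flake outputs lie outside the hunk.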
@@ -43,21 +43,21 @@ rekey: cd secrets && nix run github:ryantm/agenix -- -r # ------------------ -# Terraform Commands +# Tofu Commands # ------------------ -# Updates terraform variables +# Updates tofu variables update-vars: @./generate-inputs.sh --flake ".#{{ target_vm_bootstap }}" --region {{ target_region }} -# Runs `terraform plan` +# Runs `tofu plan` plan: - terraform plan -var-file="inputs.tfvars" -out tfplan + tofu plan -var-file="inputs.tfvars" -out tfplan -# Runs `terraform apply` +# Runs `tofu apply` apply: - terraform apply "tfplan" + tofu apply "tfplan" -# Destroys Terraform infra +# Destroys tofu infra destroy: - terraform apply -destroy -var-file="inputs.tfvars" + tofu apply -destroy -var-file="inputs.tfvars" diff --git a/main.tf b/main.tf index 4678562..23f4d0c 100644 --- a/main.tf +++ b/main.tf @@ -21,6 +21,11 @@ variable "flake" { default = "bootstrap" } +variable "vm_type" { + type = string + default = "BV2-8-40" +} + # --------- # Provider # --------- @@ -45,10 +50,12 @@ provider "mgc" { # ----------- # Networking # ----------- -resource "mgc_network_vpcs" "vpc" { - name = "${var.prefix}-vpc" - description = "VPC" -} +# TODO: Add VPC +#resource "mgc_network_vpc" "vpc" { +# provider = mgc.se +# name = "${var.prefix}-vpc" +# description = "${var.prefix}-vpc" +#} resource "mgc_network_security_groups" "sg" { name = "${var.prefix}-${var.region}-sg" @@ -128,20 +135,23 @@ resource "mgc_block_storage_volumes" "volume" { } resource "mgc_virtual_machine_instances" "vm" { - provider = mgc.sudeste + provider = mgc.se name = var.prefix machine_type = { - name = "cloud-bs1.xsmall" + name = var.vm_type } image = { - name = "cloud-ubuntu-22.04 LTS" + name = "cloud-debian-12 LTS" } network = { associate_public_ip = true - delete_public_ip = true + + #vpc = { + # id = mgc_network_vpc.vpc.network_id + #} interface = { security_groups = [{ 
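Review bot: With the `mgc_network_vpcs.vpc` resource commented out here and the `vpc` block commented out in the VM resource (next hunk), the instance is created with `associate_public_ip = true` on whatever network the provider picks by default, which leaves `mgc_network_security_groups.sg` as the only network boundary this file defines. The `# TODO: Add VPC` has no owner or tracking reference; something like `# TODO(<issue-id>): restore VPC; until then ingress is limited only by sg` would record the interim exposure. The commented block also uses `mgc_network_vpc` and `network_id`, which differ from the removed `mgc_network_vpcs`, so it may not apply as written once uncommented.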
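Review bot: Dropping `delete_public_ip = true` from the `network` block of `mgc_virtual_machine_instances.vm` means the public address may stay allocated after `tofu apply -destroy`, depending on the provider's default for that attribute, which this diff does not show. If the attribute still exists in provider 0.30.0, keeping it explicit avoids orphaned addresses. Separately, `provider = mgc.se` replaces `mgc.sudeste` but no hunk touches the provider blocks, so confirm that an alias `se` is actually declared. The resource block ends outside this hunk.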
@@ -150,20 +160,22 @@ resource "mgc_virtual_machine_instances" "vm" { } } + user_data = filebase64("${path.module}/templates/user_data.sh") + ssh_key_name = mgc_ssh_keys.ssh_key.name } # Attaching the VM with Block Storage -resource "mgc_block_storage_volume-attachment" "attached_block_storage" { - block_storage_id = mgc_block-storage_volumes.volume.id - virtual_machine_id = mgc_virtual-machine_instances.vm.id +resource "mgc_block_storage_volume_attachment" "va" { + block_storage_id = mgc_block_storage_volumes.volume.id + virtual_machine_id = mgc_virtual_machine_instances.vm.id } # This ensures that the instance is reachable via `ssh` before we deploy NixOS resource "null_resource" "wait" { provisioner "remote-exec" { connection { - host = mgc_virtual_machine_instances.vm.network.public_address + host = mgc_virtual_machine_instances.vm.network.public_address private_key = tls_private_key.ssh_key.private_key_openssh } @@ -171,18 +183,17 @@ resource "null_resource" "wait" { } } - # ------------- # Provisioning # ------------- module "deploy" { - source = "github.com/nix-community/nixos-anywhere//terraform/all-in-one" - nixos_system_attr = ".#nixosConfigurations.${var.flake}.config.system.build.toplevel" + source = "github.com/nix-community/nixos-anywhere//terraform/all-in-one" + nixos_system_attr = ".#nixosConfigurations.${var.flake}.config.system.build.toplevel" nixos_partitioner_attr = ".#nixosConfigurations.${var.flake}.config.system.build.diskoScript" - debug_logging = true + debug_logging = true - instance_id = mgc_virtual_machine_instances.vm.id - target_host = mgc_virtual_machine_instances.vm.network.public_address + instance_id = mgc_virtual_machine_instances.vm.id + target_host = mgc_virtual_machine_instances.vm.network.public_address install_user = "debian" } 
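Review bot: `filebase64` in the added `user_data` line encodes the file's bytes as-is and does not evaluate `${...}`, so the `${tls_private_key.ssh_key.private_key_openssh}` placeholder in templates/user_data.sh would reach the VM as literal text and /var/lib/id_ed25519 would not contain a key. Rendering it with `base64encode(templatefile(...))` and an explicit variable would make it work, but it would also copy the private half of the key that `null_resource.wait` logs in with into instance user data and the saved plan. If the VM needs a key of its own, a separate `tls_private_key` resource for it, or delivery over the SSH connection after boot, keeps the login key off the instance. The `mgc_virtual_machine_instances.vm` block starts outside this hunk.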
@@ -203,7 +214,7 @@ resource "local_file" "nix_output" { resource "local_file" "output" { content = jsonencode({ - public_ip = mgc_virtual_machine_instances.vm.network.public_address + public_ip = mgc_virtual_machine_instances.vm.network.public_address }) filename = "${path.module}/output.json" } diff --git a/templates/user_data.sh b/templates/user_data.sh new file mode 100755 index 0000000..f62764e --- /dev/null +++ b/templates/user_data.sh @@ -0,0 +1,2 @@ +#!/bin/sh +(umask 377; echo '${tls_private_key.ssh_key.private_key_openssh}' > /var/lib/id_ed25519)
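Review bot: Passing a private key through user data is the main concern with the new templates/user_data.sh. User data is commonly retrievable from the instance metadata service by any local process and is cached on disk by cloud-init, so the `umask 377` on /var/lib/id_ed25519 protects only one of the copies (whether Magalu Cloud restricts metadata access is not visible here). The file is also written to the Debian image that `module.deploy` in main.tf then repartitions with the disko script, so it presumably does not survive the NixOS install. A header comment stating which key this is and what reads it, e.g. `# Writes <purpose> key for <consumer>; mode 0400, root only`, would make the intent reviewable.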