vultr, redo

Signed-off-by: Christine Dodrill <me@christine.website>

.gitignore

@@ -0,0 +1,2 @@
+.redo
+result-*

common/cloud/vultr.nix

@@ -0,0 +1,18 @@
+{ config, pkgs, lib, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  services.cloud-init.enable = true;
+  services.cloud-init.ext4.enable = true;
+
+  boot.initrd.availableKernelModules =
+    [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda";
+}

common/paranoid.nix

@@ -28,8 +28,8 @@ in {
     fileSystems."/var/lib".options = ifNoexec;
     fileSystems."/var/log".options = ifNoexec;
     
-    fileSystems."/boot" = {
-      device = "/dev/disk/by-label/boot";
+    fileSystems."/boot" = mkForce {
+      device = "/dev/disk/by-label/ESP";
       fsType = "vfat";
     };
 

images/amazon-aarch64-build.nix

@@ -0,0 +1,5 @@
+import ./build.nix {
+  configFile = ./amazon.nix;
+  format = "vpc";
+  system = "aarch64-linux";
+}

images/amazon-aarch64.do

@@ -0,0 +1,4 @@
+exec >&2
+redo-always
+
+nix-build amazon-aarch64-build.nix -o result-amazon-aarch64

images/amazon-build.nix

@@ -0,0 +1,4 @@
+import ./build.nix {
+  configFile = ./amazon.nix;
+  format = "vpc";
+}

images/amazon.do

@@ -0,0 +1,4 @@
+exec >&2
+redo-always
+
+nix-build amazon-build.nix -o result-amazon

images/build.nix

@@ -1,13 +1,15 @@
+{ format, configFile, system ? "x86_64-linux" }:
+
 let
   sources = import ../nix/sources.nix;
   pkgs = import sources.nixpkgs { };
   config = (import "${sources.nixpkgs}/nixos/lib/eval-config.nix" {
-    system = "x86_64-linux";
-    modules = [ ./configuration.nix ];
+    inherit system;
+    modules = [ configFile ];
   });
 
 in import ./make-image.nix {
   inherit (config) config pkgs;
   inherit (config.pkgs) lib;
-  format = "vpc"; # change this for other clouds
+  inherit format configFile;
 }

images/default.do

@@ -0,0 +1 @@
+redo-ifchange amazon vultr

images/make-image.nix

@@ -18,7 +18,7 @@
 
 , # The initial NixOS configuration file to be copied to
   # /etc/nixos/configuration.nix.
-  configFile ? ./configuration.nix
+  configFile
 
 , # Shell code executed after the VM has finished.
   postVM ? ""
@@ -137,7 +137,7 @@ let
       mkdir -p /mnt/{boot,nix,etc/{nixos,ssh},var/{lib,log},srv}
 
       mkdir -p /mnt/boot
-      mkfs.vfat /dev/vda2 -n boot
+      mkfs.vfat /dev/vda2 -n ESP
       mount -t vfat /dev/vda2 /mnt/boot
 
       mkfs.ext4 -L nix /dev/vda3

images/vultr-build.nix

@@ -0,0 +1,4 @@
+import ./build.nix {
+  configFile = ./vultr.nix;
+  format = "raw";
+}

images/vultr.do

@@ -0,0 +1,4 @@
+exec >&2
+redo-always
+
+nix-build vultr-build.nix -o result-vultr

images/vultr.nix

@@ -0,0 +1,8 @@
+{ config, pkgs, lib, modulesPath, ... }:
+
+{
+  imports = [ ../common ../common/cloud/vultr.nix ];
+
+  xeserv.paranoid.enable = true;
+}
+

shell.nix

@@ -2,6 +2,7 @@
 
 pkgs.mkShell {
   buildInputs = with pkgs; [
+    redo-apenwarr
     terraform
     niv
 

terraform/bootstrap/bootstrap.tf

@@ -3,7 +3,7 @@ provider "aws" {
 }
 
 resource "aws_s3_bucket" "bucket" {
-  bucket = "xeserv-tf-state-paranoid"
+  bucket = "xeserv-tf-state"
   acl    = "private"
 
   tags = {

terraform/bootstrap/terraform.tfstate

@@ -1,8 +1,59 @@
 {
   "version": 4,
-  "terraform_version": "1.0.4",
-  "serial": 3,
+  "terraform_version": "1.0.0",
+  "serial": 5,
   "lineage": "f70bcdee-6de7-dd3f-6e7f-749ded4ad6b1",
   "outputs": {},
-  "resources": []
+  "resources": [
+    {
+      "mode": "managed",
+      "type": "aws_s3_bucket",
+      "name": "bucket",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "acceleration_status": "",
+            "acl": "private",
+            "arn": "arn:aws:s3:::xeserv-tf-state",
+            "bucket": "xeserv-tf-state",
+            "bucket_domain_name": "xeserv-tf-state.s3.amazonaws.com",
+            "bucket_prefix": null,
+            "bucket_regional_domain_name": "xeserv-tf-state.s3.amazonaws.com",
+            "cors_rule": [],
+            "force_destroy": false,
+            "grant": [],
+            "hosted_zone_id": "Z3AQBSTGFYJSTF",
+            "id": "xeserv-tf-state",
+            "lifecycle_rule": [],
+            "logging": [],
+            "object_lock_configuration": [],
+            "policy": null,
+            "region": "us-east-1",
+            "replication_configuration": [],
+            "request_payer": "BucketOwner",
+            "server_side_encryption_configuration": [],
+            "tags": {
+              "Name": "Terraform State"
+            },
+            "tags_all": {
+              "Name": "Terraform State"
+            },
+            "versioning": [
+              {
+                "enabled": false,
+                "mfa_delete": false
+              }
+            ],
+            "website": [],
+            "website_domain": null,
+            "website_endpoint": null
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    }
+  ]
 }