From 3a2cc9c72be2894efe50ee232566de5d851e3337 Mon Sep 17 00:00:00 2001 From: Christine Dodrill Date: Sun, 15 Aug 2021 17:27:31 +0000 Subject: [PATCH] vultr, redo Signed-off-by: Christine Dodrill --- .gitignore | 2 + common/cloud/vultr.nix | 18 ++++++++ common/paranoid.nix | 4 +- images/amazon-aarch64-build.nix | 5 +++ images/amazon-aarch64.do | 4 ++ images/amazon-build.nix | 4 ++ images/amazon.do | 4 ++ images/{configuration.nix => amazon.nix} | 0 images/build.nix | 8 ++-- images/default.do | 1 + images/make-image.nix | 4 +- images/vultr-build.nix | 4 ++ images/vultr.do | 4 ++ images/vultr.nix | 8 ++++ shell.nix | 1 + terraform/bootstrap/bootstrap.tf | 2 +- terraform/bootstrap/terraform.tfstate | 57 ++++++++++++++++++++++-- 17 files changed, 119 insertions(+), 11 deletions(-) create mode 100644 .gitignore create mode 100644 common/cloud/vultr.nix create mode 100644 images/amazon-aarch64-build.nix create mode 100644 images/amazon-aarch64.do create mode 100644 images/amazon-build.nix create mode 100644 images/amazon.do rename images/{configuration.nix => amazon.nix} (100%) create mode 100644 images/default.do create mode 100644 images/vultr-build.nix create mode 100644 images/vultr.do create mode 100644 images/vultr.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7d48d09
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.redo
+result-*
diff --git a/common/cloud/vultr.nix b/common/cloud/vultr.nix
new file mode 100644
index 0000000..33cab9f
--- /dev/null
+++ b/common/cloud/vultr.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ services.cloud-init.enable = true;
+ services.cloud-init.ext4.enable = true;
+
+ boot.initrd.availableKernelModules =
+ [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/vda";
+}
diff --git a/common/paranoid.nix b/common/paranoid.nix
index 6e4a685..247cd85 100644
--- a/common/paranoid.nix
+++ b/common/paranoid.nix
@@ -28,8 +28,8 @@ in {
 fileSystems."/var/lib".options = ifNoexec;
 fileSystems."/var/log".options = ifNoexec;
- fileSystems."/boot" = {
- device = "/dev/disk/by-label/boot";
+ fileSystems."/boot" = mkForce {
+ device = "/dev/disk/by-label/ESP";
 fsType = "vfat";
 };
diff --git a/images/amazon-aarch64-build.nix b/images/amazon-aarch64-build.nix
new file mode 100644
index 0000000..9d5e359
--- /dev/null
+++ b/images/amazon-aarch64-build.nix
@@ -0,0 +1,5 @@
+import ./build.nix {
+ configFile = ./amazon.nix;
+ format = "vpc";
+ system = "aarch64-linux";
+}
diff --git a/images/amazon-aarch64.do b/images/amazon-aarch64.do
new file mode 100644
index 0000000..3e73a96
--- /dev/null
+++ b/images/amazon-aarch64.do
@@ -0,0 +1,4 @@
+exec >&2
+redo-always
+
+nix-build amazon-aarch64-build.nix -o result-amazon-aarch64
diff --git a/images/amazon-build.nix b/images/amazon-build.nix
new file mode 100644
index 0000000..96c0825
--- /dev/null
+++ b/images/amazon-build.nix
@@ -0,0 +1,4 @@
+import ./build.nix {
+ configFile = ./amazon.nix;
+ format = "vpc";
+}
diff --git a/images/amazon.do b/images/amazon.do
new file mode 100644
index 0000000..bcf606d
--- /dev/null
+++ b/images/amazon.do
@@ -0,0 +1,4 @@
+exec >&2
+redo-always
+
+nix-build amazon-build.nix -o result-amazon
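Review bot: `services.cloud-init.enable = true;` turns on cloud-init with its default module set, so whatever the Vultr metadata service hands the instance as user-data (scripts, runcmd, key imports) runs as root on every boot, and nothing here narrows that down via `services.cloud-init.config`. The image that imports this module (images/vultr.nix in this commit) also sets `xeserv.paranoid.enable = true`, and the paranoid.nix hunk below mounts `/var/lib` noexec; cloud-init normally executes user scripts from under `/var/lib/cloud/`, so user-data scripts would presumably fail confusingly rather than be deliberately disabled — worth confirming on a real instance. I would either restrict cloud-init to the modules actually wanted (growpart, ssh keys, hostname) or state the intent, e.g. `# cloud-init only for SSH keys/hostname from the metadata service; user-data scripts are blocked by the noexec /var/lib in paranoid.nix`. `boot.loader.grub.device = "/dev/vda"` also hard-codes virtio disk naming, which fits Vultr's qemu guests but deserves a one-line comment.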
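Review bot: `mkForce` on `fileSystems."/boot"` makes this module silently win over any other `/boot` definition, including any mount `options` another module sets, while the noexec treatment given to `/var/lib` and `/var/log` just above is not applied to the boot partition at all. If the override exists because the image builder now labels the partition `ESP` (make-image.nix in this commit runs `mkfs.vfat /dev/vda2 -n ESP`), say so: `# mkForce: the image builder labels the ESP "ESP"; override whatever the cloud profile guesses`. Since nothing should ever execute from the ESP, the vfat mount could carry the same hardening as the other mounts, e.g. `options = [ "nodev" "nosuid" "noexec" ];`. The enclosing `in { ... }` attribute set starts and ends outside the hunk.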
diff --git a/images/configuration.nix b/images/amazon.nix
similarity index 100%
rename from images/configuration.nix
rename to images/amazon.nix
diff --git a/images/build.nix b/images/build.nix
index c6c478c..37bdd10 100644
--- a/images/build.nix
+++ b/images/build.nix
@@ -1,13 +1,15 @@
+{ format, configFile, system ? "x86_64-linux" }:
+
 let
 sources = import ../nix/sources.nix;
 pkgs = import sources.nixpkgs { };
 config = (import "${sources.nixpkgs}/nixos/lib/eval-config.nix" {
- system = "x86_64-linux";
- modules = [ ./configuration.nix ];
+ inherit system;
+ modules = [ configFile ];
 });
 in import ./make-image.nix {
 inherit (config) config pkgs;
 inherit (config.pkgs) lib;
- format = "vpc"; # change this for other clouds
+ inherit format configFile;
 }
diff --git a/images/default.do b/images/default.do
new file mode 100644
index 0000000..1e9592e
--- /dev/null
+++ b/images/default.do
@@ -0,0 +1 @@
+redo-ifchange amazon vultr
\ No newline at end of file
diff --git a/images/make-image.nix b/images/make-image.nix
index e5813b7..e5cbb2c 100644
--- a/images/make-image.nix
+++ b/images/make-image.nix
@@ -18,7 +18,7 @@
 , # The initial NixOS configuration file to be copied to
 # /etc/nixos/configuration.nix.
- configFile ? ./configuration.nix
+ configFile
 , # Shell code executed after the VM has finished.
 postVM ? ""
@@ -137,7 +137,7 @@ let
 mkdir -p /mnt/{boot,nix,etc/{nixos,ssh},var/{lib,log},srv}
 mkdir -p /mnt/boot
- mkfs.vfat /dev/vda2 -n boot
+ mkfs.vfat /dev/vda2 -n ESP
 mount -t vfat /dev/vda2 /mnt/boot
 mkfs.ext4 -L nix /dev/vda3
diff --git a/images/vultr-build.nix b/images/vultr-build.nix
new file mode 100644
index 0000000..eff98e2
--- /dev/null
+++ b/images/vultr-build.nix
@@ -0,0 +1,4 @@
+import ./build.nix {
+ configFile = ./vultr.nix;
+ format = "raw";
+}
diff --git a/images/vultr.do b/images/vultr.do
new file mode 100644
index 0000000..ebf4b51
--- /dev/null
+++ b/images/vultr.do
@@ -0,0 +1,4 @@
+exec >&2
+redo-always
+
+nix-build vultr-build.nix -o result-vultr
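Review bot: `system` is threaded only into `eval-config.nix`, while the `pkgs = import sources.nixpkgs { }` binding on the context line still instantiates nixpkgs for the build host and is not referenced anywhere in the file (the make-image.nix call passes `config.pkgs` via `inherit (config) config pkgs`), so it now looks dead and should be dropped or explained. When `system = "aarch64-linux"` is passed (images/amazon-aarch64-build.nix in this commit) the image is presumably built by a VM from the aarch64 `config.pkgs`, which on an x86_64 host needs an aarch64 builder or binfmt emulation; a header comment such as `# system: NixOS system the config is evaluated for; an aarch64 image needs an aarch64 builder or binfmt on an x86_64 host` would prevent a confusing failure. `format` is passed through unvalidated, so listing the values the `*-build.nix` callers use (`vpc`, `raw`) in that comment would help too.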
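Review bot: The label literal in `mkfs.vfat /dev/vda2 -n ESP` must agree with `device = "/dev/disk/by-label/ESP"` in common/paranoid.nix, and the two are now kept in sync by hand across files; any configuration that still mounts `/boot` by the old `boot` label will produce an image that cannot mount its ESP at boot. images/amazon.nix is renamed without content changes in this commit, so it is worth confirming it reaches the new label through paranoid.nix rather than through its own `fileSystems."/boot"`. A comment on this line, `# label must match fileSystems."/boot".device in common/paranoid.nix`, would at least make the coupling visible. The surrounding install script continues outside the hunk.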
diff --git a/images/vultr.nix b/images/vultr.nix
new file mode 100644
index 0000000..03d350b
--- /dev/null
+++ b/images/vultr.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, lib, modulesPath, ... }:
+
+{
+ imports = [ ../common ../common/cloud/vultr.nix ];
+
+ xeserv.paranoid.enable = true;
+}
+
diff --git a/shell.nix b/shell.nix
index dfcb78e..ddf03cb 100644
--- a/shell.nix
+++ b/shell.nix
@@ -2,6 +2,7 @@ pkgs.mkShell {
 buildInputs = with pkgs; [
+ redo-apenwarr
 terraform
 niv
diff --git a/terraform/bootstrap/bootstrap.tf b/terraform/bootstrap/bootstrap.tf
index 10020a8..e1e49c8 100644
--- a/terraform/bootstrap/bootstrap.tf
+++ b/terraform/bootstrap/bootstrap.tf
@@ -3,7 +3,7 @@ provider "aws" {
 }
 resource "aws_s3_bucket" "bucket" {
- bucket = "xeserv-tf-state-paranoid"
+ bucket = "xeserv-tf-state"
 acl = "private"
 tags = {
diff --git a/terraform/bootstrap/terraform.tfstate b/terraform/bootstrap/terraform.tfstate
index a6c2a62..6c2b9fa 100644
--- a/terraform/bootstrap/terraform.tfstate
+++ b/terraform/bootstrap/terraform.tfstate
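Review bot: The renamed state bucket is protected by `acl = "private"` alone; the terraform.tfstate hunk in this same commit records `versioning.enabled = false` and an empty `server_side_encryption_configuration` for it, and Terraform state routinely contains credentials and other secrets in plaintext. Enable versioning (so a clobbered or corrupted state can be rolled back) and default server-side encryption on the bucket, and pair it with an `aws_s3_bucket_public_access_block` resource so a later ACL or policy change cannot expose the state. The `resource` block continues past the hunk (`tags = {` is cut off), so the fence shows only the added blocks and leaves the block open.
```hcl
resource "aws_s3_bucket" "bucket" {
  bucket = "xeserv-tf-state"
  # … unchanged: acl …

  # State can hold secrets in plaintext: keep history and encrypt at rest.
  versioning {
    enabled = true
  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  # … unchanged: tags (block continues past the hunk) …
```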
@@ -1,8 +1,59 @@ { "version": 4, - "terraform_version": "1.0.4", - "serial": 3, + "terraform_version": "1.0.0", + "serial": 5, "lineage": "f70bcdee-6de7-dd3f-6e7f-749ded4ad6b1", "outputs": {}, - "resources": [] + "resources": [ + { + "mode": "managed", + "type": "aws_s3_bucket", + "name": "bucket", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": "private", + "arn": "arn:aws:s3:::xeserv-tf-state", + "bucket": "xeserv-tf-state", + "bucket_domain_name": "xeserv-tf-state.s3.amazonaws.com", + "bucket_prefix": null, + "bucket_regional_domain_name": "xeserv-tf-state.s3.amazonaws.com", + "cors_rule": [], + "force_destroy": false, + "grant": [], + "hosted_zone_id": "Z3AQBSTGFYJSTF", + "id": "xeserv-tf-state", + "lifecycle_rule": [], + "logging": [], + "object_lock_configuration": [], + "policy": null, + "region": "us-east-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [], + "tags": { + "Name": "Terraform State" + }, + "tags_all": { + "Name": "Terraform State" + }, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + } + ] }