diff --git a/modules/flake/deploy.nix b/modules/flake/deploy.nix
index 3333eb7..d5f1f3e 100644
--- a/modules/flake/deploy.nix
+++ b/modules/flake/deploy.nix
@@ -53,7 +53,7 @@ in
 autoRollback = false;
 magicRollback = true;
 user = "root";
- # remoteBuild = true;
+ remoteBuild = true;
 nodes = lib.mapAttrs genNode deployableNodes;
 };
 }
diff --git a/modules/flake/terranix.nix b/modules/flake/terranix.nix
new file mode 100644
index 0000000..d2e6863
--- /dev/null
+++ b/modules/flake/terranix.nix
@@ -0,0 +1,35 @@
+{
+ inputs,
+ ...
+}:
+{
+ imports = [
+ inputs.terranix.flakeModule
+ ];
+ perSystem =
+ { pkgs, ... }:
+ let
+ package = pkgs.opentofu.withPlugins (p: [
+ p.external
+ p.local
+ p.null
+ p.tls
+ p.incus
+ ]);
+ in
+ {
+ terranix = {
+ terranixConfigurations = {
+ tnix = {
+ terraformWrapper = {
+ inherit package;
+ };
+ workdir = "terraform";
+ modules = [
+ # ../terranix/default.nix
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/modules/flake/toplevel.nix b/modules/flake/toplevel.nix
index f8c0704..4e288fc 100644
--- a/modules/flake/toplevel.nix
+++ b/modules/flake/toplevel.nix
@@ -6,11 +6,13 @@
 inputs.nixos-unified.flakeModules.default
 inputs.nixos-unified.flakeModules.autoWire
 ];
- perSystem = { self', pkgs, ... }: {
- # For 'nix fmt'
- formatter = pkgs.nixpkgs-fmt;
+ perSystem =
+ { self', pkgs, ... }:
+ {
+ # For 'nix fmt'
+ formatter = pkgs.nixpkgs-fmt;
 
- # Enables 'nix run' to activate.
- packages.default = self'.packages.activate;
- };
+ # Enables 'nix run' to activate.
+ packages.default = self'.packages.activate;
+ };
 }
diff --git a/modules/terranix/default.nix b/modules/terranix/default.nix
new file mode 100644
index 0000000..61875a4
--- /dev/null
+++ b/modules/terranix/default.nix
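Review bot: `remoteBuild = true;` sits next to `user` and `nodes` in the deploy.nix hunk, so it appears to apply to every node produced by `genNode` rather than to selected hosts; the enclosing attribute set starts outside the hunk, so this is inferred. Building on the targets means each deployed host has to realise the closure itself, which requires substituters and sources to be reachable from it and puts the build load on it, under a `root` deploy with `autoRollback = false`. A short comment recording the reason would help the next maintainer, e.g. `# build on the target: <reason>`, and a per-node override is worth considering for hosts that should not pull build-time inputs.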
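Review bot: The `modules` list of the `tnix` configuration in terranix.nix contains only the commented-out path `# ../terranix/default.nix`, so as committed the configuration evaluates with no modules and the new `modules/terranix/default.nix` is never loaded. If that is deliberate, replace the dead line with a comment that says so, e.g. `# default.nix is not loaded yet: <reason>`; otherwise uncomment it. The wrapper also bundles `p.external`, `p.local`, `p.null` and `p.tls`, none of which the module added in this commit declares under `required_providers`; trimming the set to the providers actually used keeps the tooling surface small, since `external` exists to run local programs during a plan.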
@@ -0,0 +1,101 @@
+{ config, lib, ... }:
+{
+
+ terraform = {
+ cloud = {
+ hostname = "tofu.skdevstudios.com";
+ organization = "skdevs";
+ workspaces.name = "dev";
+ };
+ required_providers.incus = {
+ source = "lxc/incus";
+ version = "0.3.1";
+ };
+ };
+ variable = {
+ incus_token.type = "string";
+ };
+
+ provider = {
+ incus = {
+ generate_client_certificates = true;
+ accept_remote_certificate = true;
+ remote = {
+ default = true;
+ name = "tofu-prod";
+ scheme = "https";
+ address = "olympus.tailfc9f5.ts.net";
+ token = lib.tfRef "var.incus_token";
+ };
+ };
+ };
+ resource = {
+ incus_profile.d = {
+ name = "d";
+ config = {
+ "limits.cpu" = "2";
+ "security.nesting" = "true";
+ "boot.autostart" = "true";
+ "security.privileged" = "false";
+ "security.syscalls.intercept.mount" = "false";
+ };
+ device = [
+ {
+ name = "eth0";
+ type = "nic";
+ properties = {
+ network = "incusbr0";
+ };
+ }
+ {
+ name = "root";
+ type = "disk";
+ properties = {
+ pool = "default";
+ path = "/";
+ };
+ }
+ ];
+ };
+
+ incus_instance.observer-tofu = {
+ name = "observer-tofu";
+ image = "images:nixos/25.05/amd64";
+ profiles = [ "\${incus_profile.d.name}" ];
+ config = {
+ "limits.cpu" = "1";
+ "limits.memory" = "1GiB";
+ };
+ device = [
+ {
+ name = "http";
+ type = "proxy";
+ properties = {
+ listen = "tcp:0.0.0.0:8889";
+ connect = "tcp:127.0.0.1:3001";
+ };
+ }
+ ];
+ };
+
+ incus_instance.forgejo-runner-tofu = {
+ name = "forgejo-runner-tofu";
+ image = "images:nixos/25.05/amd64";
+ profiles = [ "\${incus_profile.d.name}" ];
+ config = {
+ "limits.cpu" = "6";
+ "limits.memory" = "8GiB";
+ };
+ };
+
+ incus_instance.base-tofu = {
+ name = "base-tofu";
+ image = "images:nixos/25.05/amd64";
+ profiles = [ "\${incus_profile.d.name}" ];
+ config = {
+ "limits.cpu" = "1";
+ "limits.memory" = "1GiB";
+ };
+ };
+ };
+}
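Review bot: In the `provider.incus` block, `accept_remote_certificate = true;` lets the provider trust whatever certificate the remote presents on first contact, in the same exchange that sends `incus_token`, so the token is only as safe as that unauthenticated first connection. Prefer adding the server certificate to the client's trust store out of band and setting `accept_remote_certificate = false;`. The token variable should also be declared as `incus_token = { type = "string"; sensitive = true; };` so its value is redacted from plan and apply output. Separately, the `http` proxy device on `observer-tofu` listens on `tcp:0.0.0.0:8889`, which publishes the service on every host interface; binding `listen` to the one address that should serve it would narrow the exposure. The shared profile `d` sets `"security.nesting" = "true"` for all three instances, including the CI runner; if only some of them need nested containers, a separate profile for those would be the least-privilege choice.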