diff --git a/configurations/nixos/forgejo-runner-tofu/default.nix b/configurations/nixos/forgejo-runner-tofu/default.nix
index c61909a..886b1c4 100644
--- a/configurations/nixos/forgejo-runner-tofu/default.nix
+++ b/configurations/nixos/forgejo-runner-tofu/default.nix
@@ -30,8 +30,8 @@ in
 ];
 };
 sops.secrets.forgejo-runners-token = {
- owner = "gitea-runner";
- group = "gitea-runner";
+ # owner = "gitea-runner";
+ # group = "gitea-runner";
 mode = "0777";
 };
 services.gitea-actions-runner = {
@@ -41,7 +41,10 @@ in
 enable = true;
 url = "https://git.skdevstudios.com";
 name = "nix";
- labels = [ "native:host" ];
+ labels = [
+ "native:host"
+ "nix"
+ ];
 tokenFile = config.sops.secrets.forgejo-runners-token.path;
 hostPackages = with pkgs; [
 nix
diff --git a/flake.lock b/flake.lock
index f7d1885..5d35504 100644
--- a/flake.lock
+++ b/flake.lock
@@ -353,7 +353,8 @@
 "nixos-generators": "nixos-generators",
 "nixos-unified": "nixos-unified",
 "nixpkgs": "nixpkgs_3",
- "sops-nix": "sops-nix"
+ "sops-nix": "sops-nix",
+ "terranix": "terranix"
 }
 },
 "sops-nix": {
@@ -388,6 +389,45 @@
 "type": "github"
 }
 },
+ "systems_2": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
+ "terranix": {
+ "inputs": {
+ "flake-parts": [
+ "flake-parts"
+ ],
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "systems": "systems_2"
+ },
+ "locked": {
+ "lastModified": 1747080393,
+ "owner": "typedrat",
+ "repo": "terranix",
+ "rev": "61c3bfe7b3884a84e9411046d53970d8f969a9b6",
+ "type": "github"
+ },
+ "original": {
+ "owner": "typedrat",
+ "ref": "expose-config",
+ "repo": "terranix",
+ "type": "github"
+ }
+ },
 "treefmt-nix": {
 "inputs": {
 "nixpkgs": [
diff --git a/flake.nix b/flake.nix
index 9567577..31fb475 100644
--- a/flake.nix
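Review bot: With `owner`/`group` commented out, the runner token that sops-nix writes is root-owned and is only reachable by the runner because `mode = "0777"` leaves it world-readable and world-writable, so any local user or compromised service on that host can read or silently replace the Forgejo runner token. If the owner was dropped because `gitea-runner` does not exist when secrets are installed (the NixOS runner module appears to use a dynamic user — to be confirmed), a world-open mode is not the right workaround: keep the file private and hand it to the service another way, e.g. a static group the service is added to with `mode = "0440";`, or systemd `LoadCredential=` in the runner's `serviceConfig` pointing at `config.sops.secrets.forgejo-runners-token.path`. Whichever route is taken, a comment on the `mode` line should say why the file is opened at all, since the next reader will otherwise assume it is a mistake. The enclosing attribute set starts before this hunk.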
+++ b/flake.nix
@@ -10,6 +10,13 @@
 disko.url = "https://flakehub.com/f/nix-community/disko/1.12.0.tar.gz";
 deploy-rs.url = "github:serokell/deploy-rs";
 deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
+ terranix = {
+ url = "github:typedrat/terranix/expose-config";
+ inputs = {
+ nixpkgs.follows = "nixpkgs";
+ flake-parts.follows = "flake-parts";
+ };
+ };
 nix-index-database.url = "github:nix-community/nix-index-database";
 nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
 nixos-anywhere.url = "github:nix-community/nixos-anywhere/1.10.0";
diff --git a/modules/flake/deploy.nix b/modules/flake/deploy.nix
index 3333eb7..d5f1f3e 100644
--- a/modules/flake/deploy.nix
+++ b/modules/flake/deploy.nix
@@ -53,7 +53,7 @@ in
 autoRollback = false;
 magicRollback = true;
 user = "root";
- # remoteBuild = true;
+ remoteBuild = true;
 nodes = lib.mapAttrs genNode deployableNodes;
 };
 }
diff --git a/modules/flake/terranix.nix b/modules/flake/terranix.nix
new file mode 100644
index 0000000..d2e6863
--- /dev/null
+++ b/modules/flake/terranix.nix
@@ -0,0 +1,35 @@
+{
+ inputs,
+ ...
+}:
+{
+ imports = [
+ inputs.terranix.flakeModule
+ ];
+ perSystem =
+ { pkgs, ... }:
+ let
+ package = pkgs.opentofu.withPlugins (p: [
+ p.external
+ p.local
+ p.null
+ p.tls
+ p.incus
+ ]);
+ in
+ {
+ terranix = {
+ terranixConfigurations = {
+ tnix = {
+ terraformWrapper = {
+ inherit package;
+ };
+ workdir = "terraform";
+ modules = [
+ # ../terranix/default.nix
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/modules/flake/toplevel.nix b/modules/flake/toplevel.nix
index f8c0704..4e288fc 100644
--- a/modules/flake/toplevel.nix
+++ b/modules/flake/toplevel.nix
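Review bot: The new `terranix` input tracks a branch (`expose-config`) of a personal fork rather than a tagged release, so each `nix flake update` moves to whatever that branch head is at the time, and the Nix code fetched from it is evaluated by this flake without further review. Pinning the commit the lockfile already records keeps the fork usable until upstream catches up: `url = "github:typedrat/terranix/61c3bfe7b3884a84e9411046d53970d8f969a9b6";`, with the `expose-config` ref noted in a comment above it. The `flake.lock` entry for this input as shown in this diff carries no `narHash`, unlike the `systems_2` entry next to it; worth confirming the lockfile is complete before merging. The `inputs` attribute set of flake.nix continues outside the hunk.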
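Review bot: `remoteBuild = true;` is switched on with no note on why, and as I read deploy-rs it changes where evaluation happens: each target, deployed as `user = "root"`, now fetches the flake inputs and builds its own closure, so it needs outbound access to the flakehub and GitHub sources named in flake.nix and no longer receives artifacts built and checked on the deploying machine. A one-line comment such as `# remoteBuild: targets fetch inputs and build their own closure — <reason>` records the intent and the reachability requirement for the next reader. The `deploy` attribute set starts before this hunk.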
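Review bot: The `tnix` configuration's `modules` list is empty — its only entry, `# ../terranix/default.nix`, is commented out — so the `modules/terranix/default.nix` added in this same commit is never evaluated and the generated OpenTofu configuration contains nothing; either import it with `modules = [ ../terranix/default.nix ];` or leave a comment saying why it is held back. The wrapper also bundles `p.external`, `p.local` and `p.null`, which the terranix module does not use; the `external` provider lets configuration run local programs, so keeping it out of the wrapper until a module needs it narrows what a future config can do. Separately, the terranix module pins the incus provider to `0.3.1` through `required_providers` while the wrapper supplies whatever version nixpkgs ships as `p.incus`; if those differ, `tofu init` is likely to reject the bundled plugin, so the two should be kept aligned (a comment next to `p.incus` naming the expected version would help).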
@@ -6,11 +6,13 @@
 inputs.nixos-unified.flakeModules.default
 inputs.nixos-unified.flakeModules.autoWire
 ];
- perSystem = { self', pkgs, ... }: {
- # For 'nix fmt'
- formatter = pkgs.nixpkgs-fmt;
+ perSystem =
+ { self', pkgs, ... }:
+ {
+ # For 'nix fmt'
+ formatter = pkgs.nixpkgs-fmt;
 
- # Enables 'nix run' to activate.
- packages.default = self'.packages.activate;
- };
+ # Enables 'nix run' to activate.
+ packages.default = self'.packages.activate;
+ };
 }
diff --git a/modules/terranix/default.nix b/modules/terranix/default.nix
new file mode 100644
index 0000000..61875a4
--- /dev/null
+++ b/modules/terranix/default.nix
@@ -0,0 +1,101 @@
+{ config, lib, ... }:
+{
+
+ terraform = {
+ cloud = {
+ hostname = "tofu.skdevstudios.com";
+ organization = "skdevs";
+ workspaces.name = "dev";
+ };
+ required_providers.incus = {
+ source = "lxc/incus";
+ version = "0.3.1";
+ };
+ };
+ variable = {
+ incus_token.type = "string";
+ };
+
+ provider = {
+ incus = {
+ generate_client_certificates = true;
+ accept_remote_certificate = true;
+ remote = {
+ default = true;
+ name = "tofu-prod";
+ scheme = "https";
+ address = "olympus.tailfc9f5.ts.net";
+ token = lib.tfRef "var.incus_token";
+ };
+ };
+ };
+ resource = {
+ incus_profile.d = {
+ name = "d";
+ config = {
+ "limits.cpu" = "2";
+ "security.nesting" = "true";
+ "boot.autostart" = "true";
+ "security.privileged" = "false";
+ "security.syscalls.intercept.mount" = "false";
+ };
+ device = [
+ {
+ name = "eth0";
+ type = "nic";
+ properties = {
+ network = "incusbr0";
+ };
+ }
+ {
+ name = "root";
+ type = "disk";
+ properties = {
+ pool = "default";
+ path = "/";
+ };
+ }
+ ];
+ };
+
+ incus_instance.observer-tofu = {
+ name = "observer-tofu";
+ image = "images:nixos/25.05/amd64";
+ profiles = [ "\${incus_profile.d.name}" ];
+ config = {
+ "limits.cpu" = "1";
+ "limits.memory" = "1GiB";
+ };
+ device = [
+ {
+ name = "http";
+ type = "proxy";
+ properties = {
+ listen = "tcp:0.0.0.0:8889";
+ connect = "tcp:127.0.0.1:3001";
+ };
+ }
+ ];
+ };
+
+ incus_instance.forgejo-runner-tofu = {
+ name = "forgejo-runner-tofu";
+ image = "images:nixos/25.05/amd64";
+ profiles = [ "\${incus_profile.d.name}" ];
+ config = {
+ "limits.cpu" = "6";
+ "limits.memory" = "8GiB";
+ };
+ };
+
+ incus_instance.base-tofu = {
+ name = "base-tofu";
+ image = "images:nixos/25.05/amd64";
+ profiles = [ "\${incus_profile.d.name}" ];
+ config = {
+ "limits.cpu" = "1";
+ "limits.memory" = "1GiB";
+ };
+ };
+ };
+}
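Review bot: `variable.incus_token` is declared with only `type = "string"` and is not marked sensitive, so OpenTofu will echo the Incus token in plan/apply output and it lands in the run logs of the cloud backend at `tofu.skdevstudios.com`; declare it as `incus_token = { type = "string"; sensitive = true; };`. The provider block sets `accept_remote_certificate = true`, which as I read the lxc/incus provider trusts whatever certificate `olympus.tailfc9f5.ts.net` presents on first contact and then sends the token over that session; the Tailscale hostname limits who can sit on that path, but the choice deserves a comment, or the remote's certificate can be provisioned out of band so no first-use trust is needed. The `observer-tofu` proxy device listens on `tcp:0.0.0.0:8889`, i.e. every host interface, forwarding the container's port 3001 to any network the host is attached to; if it is meant for the tailnet only, bind it to that interface's address instead. Profile `d` combines `"security.privileged" = "false"` with `"security.nesting" = "true"`, which is the expected pairing for unprivileged nested containers and is worth a one-line comment so nobody "fixes" it later.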