partial implementation of terranix

fix runner, added terranix
2025-06-20 13:10:49 -04:00 · 2025-06-20 13:10:04 -04:00
7 changed files with 199 additions and 11 deletions
--- a/configurations/nixos/forgejo-runner-tofu/default.nix
+++ b/configurations/nixos/forgejo-runner-tofu/default.nix
@ -30,8 +30,8 @@ in
    ];
  };
  sops.secrets.forgejo-runners-token = {
-    owner = "gitea-runner";
-    group = "gitea-runner";
+    # owner = "gitea-runner";
+    # group = "gitea-runner";
    mode = "0777";
  };
  services.gitea-actions-runner = {
@ -41,7 +41,10 @@ in
        enable = true;
        url = "https://git.skdevstudios.com";
        name = "nix";
-        labels = [ "native:host" ];
+        labels = [
+          "native:host"
+          "nix"
+        ];
        tokenFile = config.sops.secrets.forgejo-runners-token.path;
        hostPackages = with pkgs; [
          nix
--- a/flake.lock
+++ b/flake.lock
@ -353,7 +353,8 @@
        "nixos-generators": "nixos-generators",
        "nixos-unified": "nixos-unified",
        "nixpkgs": "nixpkgs_3",
-        "sops-nix": "sops-nix"
+        "sops-nix": "sops-nix",
+        "terranix": "terranix"
      }
    },
    "sops-nix": {
@ -388,6 +389,45 @@
        "type": "github"
      }
    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "terranix": {
+      "inputs": {
+        "flake-parts": [
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1747080393,
+        "owner": "typedrat",
+        "repo": "terranix",
+        "rev": "61c3bfe7b3884a84e9411046d53970d8f969a9b6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "typedrat",
+        "ref": "expose-config",
+        "repo": "terranix",
+        "type": "github"
+      }
+    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
--- a/flake.nix
+++ b/flake.nix
@ -10,6 +10,13 @@
    disko.url = "https://flakehub.com/f/nix-community/disko/1.12.0.tar.gz";
    deploy-rs.url = "github:serokell/deploy-rs";
    deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
+    terranix = {
+      url = "github:typedrat/terranix/expose-config";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-parts.follows = "flake-parts";
+      };
+    };
    nix-index-database.url = "github:nix-community/nix-index-database";
    nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
    nixos-anywhere.url = "github:nix-community/nixos-anywhere/1.10.0";
--- a/modules/flake/deploy.nix
+++ b/modules/flake/deploy.nix
@ -53,7 +53,7 @@ in
    autoRollback = false;
    magicRollback = true;
    user = "root";
-    # remoteBuild = true;
+    remoteBuild = true;
    nodes = lib.mapAttrs genNode deployableNodes;
  };
 }
--- a/modules/flake/terranix.nix
+++ b/modules/flake/terranix.nix
@ -0,0 +1,35 @@
+{
+  inputs,
+  ...
+}:
+{
+  imports = [
+    inputs.terranix.flakeModule
+  ];
+  perSystem =
+    { pkgs, ... }:
+    let
+      package = pkgs.opentofu.withPlugins (p: [
+        p.external
+        p.local
+        p.null
+        p.tls
+        p.incus
+      ]);
+    in
+    {
+      terranix = {
+        terranixConfigurations = {
+          tnix = {
+            terraformWrapper = {
+              inherit package;
+            };
+            workdir = "terraform";
+            modules = [
+              # ../terranix/default.nix
+            ];
+          };
+        };
+      };
+    };
+}
--- a/modules/flake/toplevel.nix
+++ b/modules/flake/toplevel.nix
@ -6,11 +6,13 @@
    inputs.nixos-unified.flakeModules.default
    inputs.nixos-unified.flakeModules.autoWire
  ];
-  perSystem = { self', pkgs, ... }: {
-    # For 'nix fmt'
-    formatter = pkgs.nixpkgs-fmt;
+  perSystem =
+    { self', pkgs, ... }:
+    {
+      # For 'nix fmt'
+      formatter = pkgs.nixpkgs-fmt;

-    # Enables 'nix run' to activate.
-    packages.default = self'.packages.activate;
-  };
+      # Enables 'nix run' to activate.
+      packages.default = self'.packages.activate;
+    };
 }
--- a/modules/terranix/default.nix
+++ b/modules/terranix/default.nix
@ -0,0 +1,101 @@
+{ config, lib, ... }:
+{
+
+  terraform = {
+    cloud = {
+      hostname = "tofu.skdevstudios.com";
+      organization = "skdevs";
+      workspaces.name = "dev";
+    };
+    required_providers.incus = {
+      source = "lxc/incus";
+      version = "0.3.1";
+    };
+  };
+  variable = {
+    incus_token.type = "string";
+  };
+
+  provider = {
+    incus = {
+      generate_client_certificates = true;
+      accept_remote_certificate = true;
+      remote = {
+        default = true;
+        name = "tofu-prod";
+        scheme = "https";
+        address = "olympus.tailfc9f5.ts.net";
+        token = lib.tfRef "var.incus_token";
+      };
+    };
+  };
+  resource = {
+    incus_profile.d = {
+      name = "d";
+      config = {
+        "limits.cpu" = "2";
+        "security.nesting" = "true";
+        "boot.autostart" = "true";
+        "security.privileged" = "false";
+        "security.syscalls.intercept.mount" = "false";
+      };
+      device = [
+        {
+          name = "eth0";
+          type = "nic";
+          properties = {
+            network = "incusbr0";
+          };
+        }
+        {
+          name = "root";
+          type = "disk";
+          properties = {
+            pool = "default";
+            path = "/";
+          };
+        }
+      ];
+    };
+
+    incus_instance.observer-tofu = {
+      name = "observer-tofu";
+      image = "images:nixos/25.05/amd64";
+      profiles = [ "\${incus_profile.d.name}" ];
+      config = {
+        "limits.cpu" = "1";
+        "limits.memory" = "1GiB";
+      };
+      device = [
+        {
+          name = "http";
+          type = "proxy";
+          properties = {
+            listen = "tcp:0.0.0.0:8889";
+            connect = "tcp:127.0.0.1:3001";
+          };
+        }
+      ];
+    };
+
+    incus_instance.forgejo-runner-tofu = {
+      name = "forgejo-runner-tofu";
+      image = "images:nixos/25.05/amd64";
+      profiles = [ "\${incus_profile.d.name}" ];
+      config = {
+        "limits.cpu" = "6";
+        "limits.memory" = "8GiB";
+      };
+    };
+
+    incus_instance.base-tofu = {
+      name = "base-tofu";
+      image = "images:nixos/25.05/amd64";
+      profiles = [ "\${incus_profile.d.name}" ];
+      config = {
+        "limits.cpu" = "1";
+        "limits.memory" = "1GiB";
+      };
+    };
+  };
+}
Author	SHA1	Message	Date
Jermeiah S	7b7bcac73a	partial implementation of terranix All checks were successful / test (push) Successful in 35s Details	2025-06-20 13:10:49 -04:00
Jermeiah S	838ada9aaa	fix runner, added terranix	2025-06-20 13:10:04 -04:00