nixos, terraform: minor updates
parent
db847545b3
commit
6bfb0bbd7d
|
@ -196,11 +196,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1637509688,
|
"lastModified": 1637605846,
|
||||||
"narHash": "sha256-NcKdyLZflWeSrwgavNGIG7LcP6XBcYGne04HIzWP1D4=",
|
"narHash": "sha256-Llelj1pYeAhGLftPxM2ixSgAfdPBAZOnpBZtpvaZ3Xo=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "53edfe1d1c51c38e2adc4d8eb37a7a2657e3fe01",
|
"rev": "d00918ccaf7e1532d35db2f1e3d44db3da39b851",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -25,7 +25,7 @@
|
||||||
"${profile}" = lib.nixosSystem {
|
"${profile}" = lib.nixosSystem {
|
||||||
inherit system;
|
inherit system;
|
||||||
modules =
|
modules =
|
||||||
[ ./nixos/common ./nixos/hosts/${profile}/configuration.nix ]
|
[ ./nixos/common "${./.}/nixos/hosts/${profile}/configuration.nix" ]
|
||||||
++ (if lxc then [
|
++ (if lxc then [
|
||||||
"${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
|
"${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
|
||||||
./nixos/common/generic-lxc.nix
|
./nixos/common/generic-lxc.nix
|
||||||
|
@ -54,7 +54,7 @@
|
||||||
pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
|
pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
|
||||||
|
|
||||||
deployChecks = mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib;
|
deployChecks = mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib;
|
||||||
checks = {};
|
checks = { };
|
||||||
in {
|
in {
|
||||||
# Make the config and deploy sets
|
# Make the config and deploy sets
|
||||||
nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
|
nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
|
||||||
|
@ -84,8 +84,8 @@
|
||||||
nixfmt
|
nixfmt
|
||||||
nixUnstable
|
nixUnstable
|
||||||
vault
|
vault
|
||||||
(vault-push-approle-envs self { })
|
|
||||||
(vault-push-approles self { })
|
(vault-push-approles self { })
|
||||||
|
(vault-push-approle-envs self { })
|
||||||
];
|
];
|
||||||
};
|
};
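Review bot: In the `modules` list of the `lib.nixosSystem` call (hunk `@ -25,7`), `"${./.}/nixos/hosts/${profile}/configuration.nix"` interpolates the whole source directory into a string, which copies every file the evaluator can see under `./.` into the world-readable Nix store just to reach one host file. It also turns the module into a string rather than a path value. Path concatenation keeps it a path and imports only what is referenced: `(./nixos/hosts + "/${profile}/configuration.nix")`. If the string form is kept on purpose, a comment such as `# string path: whole repo tree is copied to the store, keep secrets out of tracked files` would record the consequence. The enclosing function starts and ends outside the hunk.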
|
||||||
|
|
||||||
|
|
|
@ -20,8 +20,8 @@
|
||||||
{
|
{
|
||||||
hostname = "bastion";
|
hostname = "bastion";
|
||||||
ip = "10.42.42.4";
|
ip = "10.42.42.4";
|
||||||
mac = "82:F0:7C:CB:BD:6D";
|
|
||||||
ip6 = "2001:41f0:9639:1:80f0:7cff:fecb:bd6d";
|
ip6 = "2001:41f0:9639:1:80f0:7cff:fecb:bd6d";
|
||||||
|
mac = "82:F0:7C:CB:BD:6D";
|
||||||
lxc = false;
|
lxc = false;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
@ -85,6 +85,7 @@
|
||||||
{
|
{
|
||||||
hostname = "nuc";
|
hostname = "nuc";
|
||||||
ip = "10.42.42.42";
|
ip = "10.42.42.42";
|
||||||
|
ip6 = "2001:41f0:9639:1::42";
|
||||||
mac = "1C:69:7A:62:30:88";
|
mac = "1C:69:7A:62:30:88";
|
||||||
nix = false;
|
nix = false;
|
||||||
}
|
}
|
||||||
|
|
|
@ -52,7 +52,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
vault-secrets = {
|
vault-secrets = {
|
||||||
vaultPrefix = "nixos";
|
vaultPrefix = "secrets/nixos";
|
||||||
vaultAddress = "http://vault.olympus:8200/";
|
vaultAddress = "http://vault.olympus:8200/";
|
||||||
approlePrefix = "olympus-${config.networking.hostName}";
|
approlePrefix = "olympus-${config.networking.hostName}";
|
||||||
};
|
};
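Review bot: `vaultPrefix = "secrets/nixos";` moves every host's secret lookups to a new Vault path, but nothing visible in this commit updates the AppRole policies that authorise those reads. If the policies are derived from this prefix by `vault-push-approles` (listed in the dev-shell hunk), they presumably have to be re-pushed before the next deploy, otherwise the hosts keep policies scoped to the old `nixos` prefix. A short comment on the line would help, for example `# KV path prefix; AppRole policies must grant read below it (re-run vault-push-approles after changing)`. The attribute set this block belongs to starts outside the hunk.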
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
provider "vault" {
|
provider "vault" {
|
||||||
address = "http://10.42.42.6:8200"
|
address = "http://vault:8200"
|
||||||
skip_tls_verify = true
|
skip_tls_verify = true
|
||||||
}
|
}
|
||||||
|
|
||||||
# Proxmox authentication for terraform
|
# Proxmox authentication for terraform
|
||||||
data "vault_generic_secret" "proxmox_auth" {
|
data "vault_generic_secret" "proxmox_auth" {
|
||||||
path = "secrets/proxmox/terraform_auth"
|
path = "secrets/terraform/proxmox_credentials"
|
||||||
}
|
}
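Review bot: The new `address = "http://vault:8200"` keeps Vault traffic on plaintext HTTP and now also depends on how the bare name `vault` resolves on the machine running terraform. The Vault token and the Proxmox credentials returned by `data "vault_generic_secret" "proxmox_auth"` can therefore be read or redirected by anything on that network path. `skip_tls_verify = true` does nothing while the scheme is http, and it would silently disable certificate checking if the address is later switched to https. I would move the listener to TLS, use a fully qualified name in `address`, and delete the `skip_tls_verify` line. The same `http://` scheme appears in the `vaultAddress` context line of the `vault-secrets` hunk. Values read through this data source are also written to the terraform state, so the state backend needs the same protection as the secret itself.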
|
||||||
|
|