tf: hcl -> terranix

PrismLauncher · Nov 27, 2024 · 34f7156 · 34f7156
1 parent f376632
commit 34f7156
Show file tree

Hide file tree

Showing 10 changed files with 226 additions and 81 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,6 +3,9 @@
 .envrc.local
 .direnv/
 
+# Terranix symlink
+config.tf.json
+
 # Local .terraform directories
 **/.terraform/*
 

diff --git a/flake.nix b/flake.nix
@@ -27,6 +27,16 @@
       url = "github:nlewo/comin";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    terranix = {
+      url = "github:terranix/terranix";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        systems.follows = "flake-utils/systems";
+        terranix-examples.follows = "";
+        bats-support.follows = "";
+        bats-assert.follows = "";
+      };
+    };
     blockgame-meta = {
       url = "github:PrismLauncher/meta";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -42,6 +52,7 @@
     flake-utils.lib.meld inputs [
       ./machines/andesite
       ./modules
+      ./tf
       ./development.nix
     ];
 }
diff --git a/main.tf b/main.tf
diff --git a/provider.tf b/provider.tf
diff --git a/tf/default.nix b/tf/default.nix
@@ -0,0 +1,43 @@
+{
+  flake-utils,
+  nixpkgs,
+  terranix,
+  ...
+}:
+
+flake-utils.lib.eachDefaultSystem (
+  system:
+
+  let
+    pkgs = nixpkgs.legacyPackages.${system};
+
+    opentofu = pkgs.opentofu.withPlugins (plugins: [
+      plugins.hcloud
+      plugins.netlify
+    ]);
+
+    terranixConfiguration = terranix.lib.terranixConfiguration {
+      inherit system;
+      modules = [
+        ./modules
+        ./main.nix
+        ./provider.nix
+      ];
+    };
+  in
+
+  {
+    apps.tf = flake-utils.lib.mkApp {
+      drv = pkgs.writeShellApplication {
+        name = "tf";
+
+        runtimeInputs = [ opentofu ];
+
+        text = ''
+          ln -sf ${terranixConfiguration} config.tf.json
+          exec tofu "$@"
+        '';
+      };
+    };
+  }
+)
diff --git a/tf/main.nix b/tf/main.nix
@@ -0,0 +1,56 @@
+{ config, lib, ... }:
+
+{
+  resource = {
+    hcloud_server = {
+      andesite = {
+        name = "andesite";
+        image = "ubuntu-22.04";
+        server_type = "cax11";
+        datacenter = "fsn1-dc14";
+        public_net = {
+          ipv4_enabled = true;
+          ipv6_enabled = true;
+        };
+      };
+    };
+
+    netlify_dns_zone = {
+      "prismlauncher" = {
+        name = "prismlauncher.org";
+        lifecycle = {
+          prevent_destroy = true;
+        };
+      };
+    };
+
+    netlify_dns_record = {
+      "andesite4" = {
+        type = "A";
+        zone_id = lib.tfRef "netlify_dns_zone.prismlauncher.id";
+        hostname = "andesite.prismlauncher.org";
+        value = lib.tfRef "hcloud_server.andesite.ipv4_address";
+      };
+
+      "andesite6" = {
+        type = "AAAA";
+        zone_id = lib.tfRef "netlify_dns_zone.prismlauncher.id";
+        hostname = "andesite.prismlauncher.org";
+        value = lib.tfRef "hcloud_server.andesite.ipv6_address";
+      };
+    };
+
+    local_file = {
+      andesite-facts = {
+        content = lib.generators.toJSON { } {
+          hostname = config.resource.hcloud_server.andesite.name;
+          domain = config.resource.netlify_dns_zone.prismlauncher.name;
+          ipv4_address = lib.tfRef "resource.hcloud_server.andesite.ipv4_address";
+          ipv6_address = lib.tfRef "hcloud_server.andesite.ipv6_address";
+        };
+
+        filename = toString ../machines/andesite/facts.json;
+      };
+    };
+  };
+}
diff --git a/tf/modules/default.nix b/tf/modules/default.nix
@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./providers.nix
+  ];
+}
diff --git a/tf/modules/providers.nix b/tf/modules/providers.nix
@@ -0,0 +1,82 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.infra.providers;
+
+  providerSubmodule =
+    { config, name, ... }:
+    {
+      freeformType = lib.types.attrsOf lib.types.anything;
+
+      options = {
+        name = lib.mkOption {
+          type = lib.types.str;
+          default = name;
+          defaultText = lib.literalExpression "<Name of the attribute>";
+          description = "Name of the provider.";
+          example = "tailscale";
+        };
+
+        registry = lib.mkOption {
+          type = lib.types.str;
+          default = cfg.defaultRegistry;
+          defaultText = lib.literalExpression "config.infra.providers.registry";
+          description = "URL of Terraform provider registry.";
+          example = "registry.mydomain.org";
+        };
+
+        source = lib.mkOption {
+          type = lib.types.str;
+          default = "${config.name}/${config.name}";
+          defaultText = lib.literalExpression "\${name}/\${name}";
+          apply = source: cfg.required.${name}.registry + "/${source}";
+          description = ''
+            Source of the provider in `<owner>/<provider>` format.
+
+            NOTE: The registry URL is prepended to this value.
+          '';
+          example = "tailscale/tailscale";
+        };
+      };
+    };
+in
+
+{
+  options.infra.providers = {
+    defaultRegistry = lib.mkOption {
+      type = lib.types.str;
+      default = "registry.terraform.io";
+      description = "URL of Terraform provider registry.";
+      example = "registry.mydomain.org";
+    };
+
+    required = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.submodule providerSubmodule);
+      default = { };
+      description = ''
+        Attribute set declaring required Terraform providers.
+
+        Definitions with no explicit declarations are used to configure the
+        provider -- i.e., defining `tailscale.tailnet = "mydomain.org"` would
+        evaluate to `provider.tailscale.tailnet = "mydomain.org"`.
+      '';
+    };
+  };
+
+  config = lib.mkIf (cfg.required != { }) {
+    terraform.required_providers = lib.mapAttrs (lib.const (cfg': {
+      inherit (cfg') source;
+    })) cfg.required;
+
+    provider = lib.mapAttrs' (lib.const (
+      cfg':
+      lib.nameValuePair cfg'.name (
+        lib.removeAttrs cfg' [
+          "name"
+          "registry"
+          "source"
+        ]
+      )
+    )) cfg.required;
+  };
+}
diff --git a/tf/provider.nix b/tf/provider.nix
@@ -0,0 +1,26 @@
+{ lib, ... }:
+
+{
+  infra.providers.required = {
+    hcloud = {
+      source = "hetznercloud/hcloud";
+
+      token = lib.tfRef "var.hcloud_token";
+    };
+
+    netlify = {
+      token = lib.tfRef "var.netlify_token";
+      default_team_slug = "prismlauncher";
+    };
+  };
+
+  variable = {
+    hcloud_token = {
+      sensitive = true;
+    };
+
+    netlify_token = {
+      type = lib.literalExpression "string";
+    };
+  };
+}
diff --git a/treefmt.nix b/treefmt.nix
@@ -3,12 +3,10 @@
   projectRootFile = "flake.nix";
 
   programs.actionlint.enable = true;
-  programs.hclfmt.enable = true;
   programs.just.enable = true;
   programs.mdformat.enable = true;
   programs.nixfmt.enable = true;
   programs.shfmt.enable = true;
-  programs.terraform.enable = true;
   programs.yamlfmt.enable = true;
 
   settings.global.excludes = [