organize to multiple provision

Author: zbioe

arion-pkgs.nix

@@ -8,15 +8,15 @@
           environment = {
             VAULT_ADDR = "0.0.0.0";
             VAULT_DEV_ROOT_TOKEN_ID = "root-token";
-            VAULT_LOG_LEVEL = "debug";
+            VAULT_LOG_LEVEL = "trace";
           };
         };
       };
       vault-setup = { config, pkgs, ... }: {
         service = {
           image = "vault:latest";
           depends_on = [ "vault" ];
-          volumes = [ "./scripts/vault-init.sh:/init.sh" ];
+          volumes = [ "../scripts/vault-init.sh:/init.sh" ];
           entrypoint = "/init.sh";
           environment = {
             VAULT_ADDR = "http://vault:8200";

arion-compose.nix arion/arion-compose.nix

@@ -0,0 +1 @@
+import ../nixpkgs { system = "x86_64-linux"; }

arion/arion-pkgs.nix

@@ -52,7 +52,7 @@ in {
   environment.sessionVariables = variables;
   environment = { inherit variables; };
   deployment = {
-    tags = [ "consul" "server" "test" ];
+    tags = [ "consul" "server" datacenter ];
     targetUser = "main";
     targetPort = 22;
   };

deploys/consul/default.nix

@@ -1,18 +1,36 @@
 { pkgs, system, ... }:
 with pkgs;
 let
+  inherit (builtins) readFile;
+  inherit (writers) writeBash;
   build = writeScriptBin "build" ''
     nix build .#$*
   '';
   build-qcow = writeScriptBin "build-qcow" ''
     build qcow
+    # add image to cache
+    git add -Nf ./result
   '';
   apply = writeScriptBin "apply" ''
+    # defaults to local
+    nix run .#apply
+  '';
+  apply-local = writeScriptBin "apply-local" ''
+    nix run .#apply-local
+  '';
+  apply-gcp = writeScriptBin "apply-gcp" ''
     nix run .#apply
   '';
   destroy = writeScriptBin "destroy" ''
+    # defaults to local
     nix run .#destroy
   '';
+  destroy-local = writeScriptBin "destroy-local" ''
+    nix run .#destroy-local
+  '';
+  destroy-gcp = writeScriptBin "destroy-gcp" ''
+    nix run .#destroy-gcp
+  '';
   deploy = writeScriptBin "deploy" ''
     nix run .#deploy
   '';
@@ -25,17 +43,29 @@ let
   local-k8s = writeScriptBin "local-k8s" ''
     nix run .#local-k8s
   '';
+  terranix-apply =
+    writeBash "terraform-apply" (readFile ./scripts/terranix-apply.sh);
+  terranix-destroy =
+    writeBash "terraform-destroy" (readFile ./scripts/terranix-destroy.sh);
 in mkShell {
   packages = [
     # custom
     build
     build-qcow
+    minikube
     apply
+    apply-local
+    apply-gcp
+    destroy-local
+    destroy-gcp
     destroy
     deploy
     clean-ssh
     local-vault
     local-k8s
+    # terranix
+    # terranix-apply
+    # terranix-destroy
     # pkgs
     consul
     consul-template
@@ -50,6 +80,7 @@ in mkShell {
     qemu-utils
     colmena
     vault
+    bashInteractive
   ];
   shellHook = ''
     export NIX_PATH=${pkgs.path}

devShell.nix

@@ -1,6 +1,5 @@
 { config, lib, pkgs, ... }: {
-  imports = [ ./provision/libvirt ];
-  provision.libvirt = {
+  provision.gcp = {
     networks = {
       n1 = {
         mode = "nat";

provision.nix env/gcp/config.nix

@@ -0,0 +1 @@
+{}

env/gcp/output.json

@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }: {
+  provision.libvirt = {
+    networks = {
+      n1 = {
+        mode = "nat";
+        domain = "n1.local";
+        addresses = [ "10.0.62.0/24" ];
+        dhcp.enable = true;
+        dns.enable = true;
+      };
+    };
+    volumes = {
+      nixos = { source = ../../result/nixos.qcow2; };
+      c1v1 = { source = "nixos"; };
+      c1v2 = { source = "nixos"; };
+      c1v3 = { source = "nixos"; };
+      c2v1 = { source = "nixos"; };
+      c2v2 = { source = "nixos"; };
+      c2v3 = { source = "nixos"; };
+    };
+    replicas = {
+      c1r1 = {
+        interfaces = { n1.addresses = [ "10.0.62.11" ]; };
+        disks = [ "c1v1" ];
+      };
+      c1r2 = {
+        interfaces = { n1.addresses = [ "10.0.62.12" ]; };
+        disks = [ "c1v2" ];
+      };
+      c1r3 = {
+        interfaces = { n1.addresses = [ "10.0.62.13" ]; };
+        disks = [ "c1v3" ];
+      };
+      c2r1 = {
+        interfaces = { n1.addresses = [ "10.0.62.14" ]; };
+        disks = [ "c2v1" ];
+      };
+      c2r2 = {
+        interfaces = { n1.addresses = [ "10.0.62.15" ]; };
+        disks = [ "c2v2" ];
+      };
+      c2r3 = {
+        interfaces = { n1.addresses = [ "10.0.62.16" ]; };
+        disks = [ "c2v3" ];
+      };
+    };
+  };
+}

env/local/config.nix

@@ -0,0 +1 @@
+{}

env/local/output.json

@@ -22,12 +22,17 @@
         overlays = [ self.overlays.default ];
       };
       system = "x86_64-linux";
-      terraform =
-        pkgs.terraform.withPlugins (p: [ p.null p.external p.libvirt ]);
-      terraformConfiguration = terranix.lib.terranixConfiguration {
-        inherit system pkgs;
-        modules = [ ./provision.nix ];
-      };
+      terraform = pkgs.terraform.withPlugins
+        (p: [ p.null p.external p.libvirt p.google p.azurerm ]);
+
+      genConfig = env:
+        terranix.lib.terranixConfiguration {
+          inherit system pkgs;
+          modules = [ ./provision ./env/${env}/config.nix ];
+        };
+
+      localConfig = genConfig "local";
+      gcpConfig = genConfig "gcp";
     in {
       # overlay
       overlays = import ./overlays;
@@ -47,24 +52,33 @@
 
       # Apps
       apps.${system} = {
+
         # nix run ".#apply"
-        apply = {
+        # defaults to local
+        apply = self.apps.${system}.apply-local;
+
+        # nix run ".#apply-local"
+        apply-local = {
           type = "app";
-          program = toString (pkgs.writers.writeBash "apply" ''
-            set -euo pipefail
-            if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
-              cp ${terraformConfiguration} config.tf.json \
-              && ${terraform}/bin/terraform init \
-              && ${terraform}/bin/terraform apply \
-              && ${terraform}/bin/terraform output -json > output.json
+          program = toString (pkgs.writers.writeBash "apply-local" ''
+            scripts/terranix-apply.sh "local" ${localConfig}
+          '');
+        };
+
+        # nix run ".#apply-gcp"
+        apply-gcp = {
+          type = "app";
+          program = toString (pkgs.writers.writeBash "apply-gcp" ''
+            scripts/terranix-apply.sh "gcp" ${gcpConfig}
           '');
         };
+
         # nix run ".#local-vault"
         local-vault = {
           type = "app";
           program = toString (pkgs.writers.writeBash "local-vault" ''
             set -euo pipefail
-
+            cd arion/
             arion up
           '');
         };
@@ -74,29 +88,37 @@
           type = "app";
           program = toString (pkgs.writers.writeBash "local-k8s" ''
             set -euo pipefail
-            scripts/local-k8s.sh
-            scripts/configre.sh
+            scripts/k8s/local-k8s.sh
+            scripts/k8s/configre.sh
           '');
         };
 
         # nix run ".#destroy"
-        destroy = {
+        # defaults to local
+        destroy = self.apps.${system}.destroy-local;
+
+        # nix run ".#destroy-local"
+        destroy-local = {
           type = "app";
-          program = toString (pkgs.writers.writeBash "destroy" ''
-            set -euo pipefail
-            if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
-              cp ${terraformConfiguration} config.tf.json \
-              && ${terraform}/bin/terraform init \
-              && ${terraform}/bin/terraform destroy \
-              && rm -f output.json
+          program = toString (pkgs.writers.writeBash "destroy-local" ''
+            scripts/terranix-destroy.sh "local" ${localConfig}
+          '');
+        };
+
+        # nix run ".#destroy-gcp
+        destroy-gcp = {
+          type = "app";
+          program = toString (pkgs.writers.writeBash "destroy-gcp" ''
+            scripts/terranix-destroy.sh "gcp" ${gcpConfig}
           '');
         };
+
         # nix run ".#clean-ssh"
         clean-ssh = {
           type = "app";
           program = toString (pkgs.writers.writeBash "clean-ssh" ''
             set -euo pipefail
-            for ip in $(${pkgs.jq}/bin/jq -r '.[].value' output.json); do
+            for ip in $(${pkgs.jq}/bin/jq -r '.[].value.ip.pub' ./env/*/output.json); do
               ssh-keygen -R "$ip"
             done
           '');
@@ -118,19 +140,24 @@
       colmena = let
         # read attributes from ouput.json gerated by `nix run .#apply`
         inherit (builtins) fromJSON readFile foldl' attrNames;
-        output = fromJSON (readFile ./output.json);
         keys = import ./keys; # datacenter: {...}
+        genOutput = env:
+          let output = fromJSON (readFile ./env/${env}/output.json);
+          in foldl' (a: b: a // b) { } (map (name:
+            let host = output.${name}.value;
+            in {
+              # generate hosts by name prefix
+              ${name} = {
+                deployment = {
+                  tags = [ env ];
+                  targetHost = host.ip.pub;
+                  keys = import ./keys;
+                };
+              };
+            }) (attrNames output));
       in {
         meta = { nixpkgs = pkgs; };
         defaults = import ./deploys/consul;
-      } // foldl' (a: b: a // b) { } (map (name: {
-        # generate hosts by name prefix
-        ${name} = {
-          deployment = {
-            targetHost = output.${name}.value;
-            keys = import ./keys;
-          };
-        };
-      }) (attrNames output));
+      } // (genOutput "local") // (genOutput "gcp");
     };
 }

flake.nix

@@ -1,6 +1,6 @@
 { modulesPath, ... }:
 let
-  ssh-keys = import ../ssh-keys.nix;
+  ssh-keys = import ./ssh-keys.nix;
   username = "main";
   password = "alface";
 in {

generators/minimal-libvirt.nix

@@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [ ./libvirt ];
+}