organize and start gcp module

Author: zbioe

.envrc

@@ -0,0 +1,8 @@
+watch_file "$(pwd)/flake.{lock,nix}"
+watch_file "$(pwd)/devShell.nix"
+watch_file "$(pwd)/scripts/k8s/local-k8s.sh"
+watch_file "$(pwd)/scripts/*.sh"
+watch_dir "$(pwd)/overlays"
+watch_dir "$(pwd)/nixpkgs"
+watch_dir "$(pwd)/lib"
+use flake

.gitignore

@@ -4,7 +4,6 @@ config.tf.json
 terraform.*
 .direnv
 result
-.envrc
 .tmp-arion-*
 output.json
-env/*/image
+images/*

deploys/consul/default.nix

@@ -2,7 +2,12 @@
 let
   inherit (builtins) attrNames attrValues length match elemAt;
   inherit (pkgs.lib) concatMapStrings mkIf strings filter assertMsg mkForce;
-  # inherit (pkgs.lib.asserts) ;
+  inherit (data) datacenter replica;
+  variables = {
+    CONSUL_HTTP_ADDR = "http://127.0.0.1:8500";
+    VAULT_ADDR = "http://10.0.62.1:8200";
+    VAULT_TOKEN = "root-token";
+  };
   ports = {
     admin = 19000;
     mesh = 8443; # gateway
@@ -32,14 +37,8 @@ let
       datacenter = elemAt name_match 0;
       replica = elemAt name_match 1;
     };
-  variables = {
-    VAULT_ADDR = "http://10.0.62.1:8200";
-    VAULT_TOKEN = "root-token";
-  };
-  inherit (data) datacenter replica;
 in {
-  imports =
-    [ ../../generators/minimal-libvirt.nix ./gateway.nix ./templates.nix ];
+  imports = [ ./gateway.nix ./templates.nix ];
   networking.hostName = name;
   networking.extraHosts = concatMapStrings (hostName: ''
     ${config.deployment.targetHost} ${hostName}
@@ -140,8 +139,8 @@ in {
         wantedBy = [ "consul.service" ];
         path = "/etc/consul.d/encryption.hcl";
         script = ''
-          if !systemctl is-active -q consul; then echo consul is down && return; fi
-          NEW_KEY=$(cut -f2 -d\" </etc/consul.d/gossip.hcl | sed -e '/^$/d')
+          if ! systemctl is-active -q consul; then echo consul is down && exit 0; fi
+          NEW_KEY=$(cut -f2 -d\" </etc/consul.d/encryption.hcl | sed -e '/^$/d')
           consul keyring -install "$NEW_KEY"
           consul keyring -use "$NEW_KEY"
           KEYS=$(curl -s "$CONSUL_HTTP_ADDR/v1/operator/keyring")
@@ -160,7 +159,7 @@ in {
       };
       pki = rec {
         script = ''
-          if !systemctl is-active -q consul; then echo consul is down && return; fi
+          if ! systemctl is-active -q consul; then echo consul is down && exit 0; fi
           consul reload
         '';
         wantedBy = [ "consul.service" ];

devShell.nix

@@ -3,97 +3,122 @@ with pkgs;
 let
   inherit (builtins) readFile;
   inherit (writers) writeBash;
+
+  # Build images
   build = writeScriptBin "build" ''
-    env=$1
-    image=$2
-    nix build --out-link "./env/$env/image" .#$image
+    set -eu
+    image=$1
+    nix build --out-link "./images/$image" .#$image
     # add image to cache
-    git add -Nf env/$env/image
+    git add -Nf images/$image
   '';
   build-qcow = writeScriptBin "build-qcow" ''
-    build local qcow
+    build qcow
   '';
   build-gce = writeScriptBin "build-gce" ''
-    build gcp gce
+    build gce
   '';
+
+  # Apply using terraform
   apply = writeScriptBin "apply" ''
-    # defaults to local
-    nix run .#apply
+    env=''${1:-libvirt}
+    # defaults to libvirt
+    nix run .#apply-$env
   '';
-  apply-local = writeScriptBin "apply-local" ''
-    nix run .#apply-local
+  apply-libvirt = writeScriptBin "apply-libvirt" ''
+    apply libvirt
   '';
   apply-gcp = writeScriptBin "apply-gcp" ''
-    nix run .#apply
+    apply gcp
   '';
+
+  # Destroy using terraform
   destroy = writeScriptBin "destroy" ''
-    # defaults to local
-    nix run .#destroy
+    env=''${1:-libvirt}
+    # defaults to libvirt
+    nix run .#destroy-$env
   '';
-  destroy-local = writeScriptBin "destroy-local" ''
-    nix run .#destroy-local
+  destroy-libvirt = writeScriptBin "destroy-libvirt" ''
+    destroy libvirt
   '';
   destroy-gcp = writeScriptBin "destroy-gcp" ''
-    nix run .#destroy-gcp
+    destroy gcp
   '';
+
+  # Deploy nix using colmena
   deploy = writeScriptBin "deploy" ''
-    nix run .#deploy
+    env=''${1:-libvirt}
+    nix run .#deploy-$env
   '';
-  deploy-local = writeScriptBin "deploy-local" ''
-    nix run .#deploy-local
+  deploy-libvirt = writeScriptBin "deploy-libvirt" ''
+    deploy libvirt
   '';
   deploy-gcp = writeScriptBin "deploy-gcp" ''
-    nix run .#deploy-gcp
+    deploy gcp
   '';
+
+  # Clean SSH authorized keys
   clean-ssh = writeScriptBin "clean-ssh" ''
-    nix run .#clean-ssh
+    env=''${1:-"libvirt""}
+    [[ "$env" == all ]] && ./scripts/clean-ssh.sh
+    nix run .#clean-ssh-$env
   '';
-  clean-ssh-local = writeScriptBin "clean-ssh-local" ''
-    nix run .#clean-ssh-local
+  clean-ssh-libvirt = writeScriptBin "clean-ssh-libvirt" ''
+    nix run .#clean-ssh-libvirt
   '';
   clean-ssh-gcp = writeScriptBin "clean-ssh-gcp" ''
     nix run .#clean-ssh-gcp
   '';
+
+  # Up and Running local vault using docker-compose by arion
   local-vault = writeScriptBin "local-vault" ''
     nix run .#local-vault
   '';
+
+  # Up and running local k8s using k3d
   local-k8s = writeScriptBin "local-k8s" ''
     nix run .#local-k8s
   '';
-  terranix-apply =
-    writeBash "terraform-apply" (readFile ./scripts/terranix-apply.sh);
-  terranix-destroy =
-    writeBash "terraform-destroy" (readFile ./scripts/terranix-destroy.sh);
+
 in mkShell {
   packages = [
-    # custom
+    # build images
     build
     build-qcow
     build-gce
-    minikube
+
+    # provision apply
     apply
-    apply-local
+    apply-libvirt
     apply-gcp
-    destroy-local
-    destroy-gcp
+
+    # provision destroy
     destroy
+    destroy-libvirt
+    destroy-gcp
+
+    # deploy nix
     deploy
-    deploy-local
+    deploy-libvirt
     deploy-gcp
+
+    # clean ssh authorized keys
     clean-ssh
-    clean-ssh-local
+    clean-ssh-libvirt
     clean-ssh-gcp
+
+    # start local vault
     local-vault
+
+    # start local k8s
     local-k8s
-    # terranix
-    # terranix-apply
-    # terranix-destroy
+
     # pkgs
     consul
     consul-template
     vault
     envoy
-    terraform
+    terraformWithPlugins
     terranix
     kube3d
     kubernetes-helm

env/gcp/config.nix

@@ -1,48 +1,47 @@
 { config, lib, pkgs, ... }: {
   provision.gcp = {
-    networks = {
-      n1 = {
-        mode = "nat";
-        domain = "n1.local";
-        addresses = [ "10.0.62.0/24" ];
-        dhcp.enable = true;
-        dns.enable = true;
-      };
-    };
-    volumes = {
-      nixos = { source = ./result/nixos.qcow2; };
-      c1v1 = { source = "nixos"; };
-      c1v2 = { source = "nixos"; };
-      c1v3 = { source = "nixos"; };
-      c2v1 = { source = "nixos"; };
-      c2v2 = { source = "nixos"; };
-      c2v3 = { source = "nixos"; };
-    };
+    enable = true;
+    project = "bornlogic-consul";
     replicas = {
-      c1r1 = {
-        interfaces = { n1.addresses = [ "10.0.62.11" ]; };
-        disks = [ "c1v1" ];
-      };
-      c1r2 = {
-        interfaces = { n1.addresses = [ "10.0.62.12" ]; };
-        disks = [ "c1v2" ];
-      };
-      c1r3 = {
-        interfaces = { n1.addresses = [ "10.0.62.13" ]; };
-        disks = [ "c1v3" ];
-      };
-      c2r1 = {
-        interfaces = { n1.addresses = [ "10.0.62.14" ]; };
-        disks = [ "c2v1" ];
-      };
-      c2r2 = {
-        interfaces = { n1.addresses = [ "10.0.62.15" ]; };
-        disks = [ "c2v2" ];
-      };
-      c2r3 = {
-        interfaces = { n1.addresses = [ "10.0.62.16" ]; };
-        disks = [ "c2v3" ];
+      test = {
+
       };
     };
+    #   networks = {
+    #     n1 = {
+    #       mode = "nat";
+    #       domain = "n1.local";
+    #       addresses = [ "10.0.62.0/24" ];
+    #       dhcp.enable = true;
+    #       dns.enable = true;
+    #     };
+    #   };
+    #   volumes = {
+    #     nixos = {
+    #       source = let
+    #         inherit (builtins) readDir attrNames head;
+    #         base_dir = ./images/gce;
+    #         # get first file of builded generated folder
+    #         filename = (head (attrNames (readDir base_dir)));
+    #       in base_dir + ./${filename};
+    #     };
+    #     c1v1 = { source = "nixos"; };
+    #     c1v2 = { source = "nixos"; };
+    #     c1v3 = { source = "nixos"; };
+    #   };
+    #   replicas = {
+    #     c1r1 = {
+    #       interfaces = { n1.addresses = [ "10.0.62.11" ]; };
+    #       disks = [ "c1v1" ];
+    #     };
+    #     c1r2 = {
+    #       interfaces = { n1.addresses = [ "10.0.62.12" ]; };
+    #       disks = [ "c1v2" ];
+    #     };
+    #     c1r3 = {
+    #       interfaces = { n1.addresses = [ "10.0.62.13" ]; };
+    #       disks = [ "c1v3" ];
+    #     };
+    #   };
   };
 }

env/local/config.nix env/libvirt/config.nix

@@ -1,5 +1,7 @@
 { config, lib, pkgs, ... }: {
   provision.libvirt = {
+    enable = true;
+    uri = "qemu:///system";
     networks = {
       n1 = {
         mode = "nat";
@@ -10,7 +12,7 @@
       };
     };
     volumes = {
-      nixos = { source = image/nixos.qcow2; };
+      nixos = { source = ../../images/qcow/nixos.qcow2; };
       c1v1 = { source = "nixos"; };
       c1v2 = { source = "nixos"; };
       c1v3 = { source = "nixos"; };

env/libvirt/output.json

@@ -0,0 +1 @@
+{}