introduce arrow host and deployment

2025-07-05 18:30:13 +00:00 · 2024-03-24 13:16:20 -04:00
parent b06ebc7185
commit 67ab65fa16
41 changed files with 696 additions and 315 deletions
--- a/hosts/arrow/default.nix
+++ b/hosts/arrow/default.nix
@ -0,0 +1,8 @@
+{ inputs, globals, overlays, ... }:
+
+inputs.nixpkgs.lib.nixosSystem {
+  system = "x86_64-linux";
+  specialArgs = { };
+  modules = import ./modules.nix { inherit inputs globals overlays; };
+}
+
--- a/hosts/arrow/main.tf
+++ b/hosts/arrow/main.tf
@ -0,0 +1,93 @@
+terraform {
+    backend "s3" {}
+  required_version = ">= 1.0.0"
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      version = "5.42.0"
+    }
+    vultr = {
+      source = "vultr/vultr"
+      version = "2.19.0"
+    }
+  }
+}
+
+# locals {
+#   image_file = one(fileset(path.root, "result/iso/nixos.iso"))
+# }
+
+variable "cloudflare_account_id" {
+    type = string
+    description = "ID of the Cloudflare account"
+}
+
+variable "cloudflare_r2_access_key" {
+    type = string
+    description = "Non-sensitive access key ID for Cloudflare R2"
+}
+
+variable "cloudflare_r2_secret_key" {
+    type = string
+    description = "Sensitive access key secret for Cloudflare R2"
+    sensitive = true
+}
+
+variable "vultr_api_key" {
+    type = string
+    description = "API key for Vultr management"
+    sensitive = true
+}
+
+provider "aws" {
+  region = "us-east-1"
+
+  access_key = var.cloudflare_r2_access_key
+  secret_key = var.cloudflare_r2_secret_key
+
+  skip_credentials_validation = true
+  skip_region_validation      = true
+  skip_requesting_account_id  = true
+
+  endpoints {
+    s3 = "https://${var.cloudflare_account_id}.r2.cloudflarestorage.com"
+  }
+}
+
+provider "vultr" {
+  api_key = var.vultr_api_key
+}
+
+# data "aws_s3_bucket" "images" {
+#   bucket = "noahmasur-arrow-images"
+# }
+#
+# resource "aws_s3_object" "image" {
+#   bucket = data.aws_s3_bucket.images.id
+#   key    = "arrow.iso"
+#   source = local.image_file
+#   etag   = filemd5(local.image_file)
+#   acl    = "public-read"
+# }
+
+resource "vultr_iso_private" "image" {
+    # url = "https://${var.cloudflare_account_id}.r2.cloudflarestorage.com/${data.aws_s3_bucket.images.id}/${aws_s3_object.image.key}"
+    url = "https://arrow.images.masu.rs/arrow.iso"
+}
+
+resource "vultr_instance" "arrow" {
+    plan = "vc2-1c-2gb"
+    region = "ewr"
+    iso_id = vultr_iso_private.image.id
+    label = "arrow"
+    tags = ["arrow"]
+    enable_ipv6 = false
+    disable_public_ipv4 = false
+    backups = "disabled"
+    ddos_protection = false
+    activation_email = false
+}
+
+output "host_ip" {
+    value = vultr_instance.arrow.main_ip
+}
--- a/hosts/arrow/modules.nix
+++ b/hosts/arrow/modules.nix
@ -0,0 +1,34 @@
+{ inputs, globals, overlays }:
+
+[
+  globals
+  inputs.home-manager.nixosModules.home-manager
+  {
+    nixpkgs.overlays = overlays;
+    networking.hostName = "arrow";
+    physical = false;
+    server = true;
+    gui.enable = false;
+    theme.colors = (import ../../colorscheme/gruvbox).dark;
+    publicKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw deploy"
+    ];
+    identityFile = "/home/${globals.user}/.ssh/id_ed25519";
+    cloudflare.enable = true;
+    services.openssh.enable = true;
+    services.caddy.enable = true;
+    services.transmission.enable = true;
+
+    virtualisation.vmVariant = {
+      virtualisation.forwardPorts = [{
+        from = "host";
+        host.port = 2222;
+        guest.port = 22;
+      }];
+    };
+  }
+  ../../modules/common
+  ../../modules/nixos
+]
+
--- a/hosts/aws/default.nix
+++ b/hosts/aws/default.nix
@ -12,8 +12,9 @@ inputs.nixos-generators.nixosGenerate {
      gui.enable = false;
      theme.colors = (import ../../colorscheme/gruvbox).dark;
      passwordHash = null;
-      publicKey =
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
+      publicKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
+      ];
      # AWS settings require this
      permitRootLogin = "prohibit-password";
    }
--- a/hosts/flame/default.nix
+++ b/hosts/flame/default.nix
@ -84,8 +84,9 @@ inputs.nixpkgs.lib.nixosSystem {
      };

      # Disable passwords, only use SSH key
-      publicKey =
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
+      publicKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
+      ];

      # # Wireguard config for Transmission
      # wireguard.enable = true;
--- a/hosts/swan/default.nix
+++ b/hosts/swan/default.nix
@ -109,8 +109,9 @@ inputs.nixpkgs.lib.nixosSystem {
      };

      # Disable passwords, only use SSH key
-      publicKey =
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
+      publicKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
+      ];
    }
  ];
 }