
No commits in common. "858557410011239c434a6533ce699084d2b31142" and "67ab65fa167afd63b6f222cc0903cf5504057cef" have entirely different histories.

4 changed files with 58 additions and 50 deletions


@ -5,16 +5,17 @@ env:
DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }} DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }} ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
CLOUDFLARE_R2_ENDPOINT: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com" CLOUDFLARE_R2_ENDPOINT: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY }} TF_VAR_cloudflare_account_id: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_KEY }} TF_VAR_cloudflare_r2_access_key: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY }}
AWS_ENDPOINT_URL_S3: "https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com" TF_VAR_cloudflare_r2_secret_key: ${{ secrets.CLOUDFLARE_R2_SECRET_KEY }}
TF_VAR_vultr_api_key: ${{ secrets.VULTR_API_KEY }} TF_VAR_vultr_api_key: ${{ secrets.VULTR_API_KEY }}
on: on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
rebuild: rebuild:
type: boolean type: bool
required: true
default: false default: false
action: action:
type: choice type: choice
@ -75,14 +76,21 @@ jobs:
# Checks whether Terraform is formatted properly. If this fails, you # Checks whether Terraform is formatted properly. If this fails, you
# should install the pre-commit hook. # should install the pre-commit hook.
- name: Check Formatting - name: Check Formatting
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: | run: |
terraform fmt -no-color -check -diff -recursive terraform fmt -no-color -check -diff -recursive
# Connects to remote state backend and download providers. # Connects to remote state backend and download providers.
- name: Terraform Init - name: Terraform Init
working-directory: ${{ env.TERRAFORM_DIRECTORY }} working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform init run: |
terraform init \
-backend-config="endpoint=${{ env.CLOUDFLARE_R2_ENDPOINT }}" \
-backend-config="workspace_key_prefix=${{ github.repository }}/arrow" \
-backend-config="key=state.tfstate" \
-backend-config="skip_credentials_validation=true" \
-backend-config="skip_region_validation=true" \
-backend-config="region=anything" \
-backend-config="bucket=noahmasur-terraform"
# Deploys infrastructure or changes to infrastructure. # Deploys infrastructure or changes to infrastructure.
- name: Terraform Apply - name: Terraform Apply
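Review bot: In the new `Terraform Init` step, `${{ env.CLOUDFLARE_R2_ENDPOINT }}` and `${{ github.repository }}` are expanded into the script text before the shell parses it, so their contents are treated as shell source rather than data; reading them from the environment avoids that, e.g. `-backend-config="endpoint=$CLOUDFLARE_R2_ENDPOINT"` and `-backend-config="workspace_key_prefix=$GITHUB_REPOSITORY/arrow"`. The new side of the first hunk also drops `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` from `env:`, and `TF_VAR_*` values cannot reach a backend, so unless credentials are set outside the visible lines this init has nothing to authenticate to R2 with. Separately, `type: bool` is not a documented `workflow_dispatch` input type; `type: boolean` is.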


@ -1,30 +1,13 @@
terraform { terraform {
backend "s3" { backend "s3" {}
bucket = "noahmasur-terraform"
key = "arrow.tfstate"
region = "auto"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
skip_s3_checksum = true
use_path_style = true
/*
ENVIRONMENT VARIABLES
---------------------
AWS_ACCESS_KEY_ID - R2 token
AWS_SECRET_ACCESS_KEY - R2 secret
AWS_ENDPOINT_URL_S3 - R2 location: https://ACCOUNT_ID.r2.cloudflarestorage.com
*/
}
required_version = ">= 1.0.0" required_version = ">= 1.0.0"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = "5.42.0" version = "5.42.0"
} }
vultr = { vultr = {
source = "vultr/vultr" source = "vultr/vultr"
version = "2.19.0" version = "2.19.0"
} }
} }
@ -34,23 +17,41 @@ terraform {
# image_file = one(fileset(path.root, "result/iso/nixos.iso")) # image_file = one(fileset(path.root, "result/iso/nixos.iso"))
# } # }
# variable "cloudflare_r2_endpoint" { variable "cloudflare_account_id" {
# type = string type = string
# description = "Domain for the Cloudflare R2 endpoint" description = "ID of the Cloudflare account"
# } }
variable "cloudflare_r2_access_key" {
type = string
description = "Non-sensitive access key ID for Cloudflare R2"
}
variable "cloudflare_r2_secret_key" {
type = string
description = "Sensitive access key secret for Cloudflare R2"
sensitive = true
}
variable "vultr_api_key" { variable "vultr_api_key" {
type = string type = string
description = "API key for Vultr management" description = "API key for Vultr management"
sensitive = true sensitive = true
} }
provider "aws" { provider "aws" {
region = "auto" region = "us-east-1"
access_key = var.cloudflare_r2_access_key
secret_key = var.cloudflare_r2_secret_key
skip_credentials_validation = true skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true skip_region_validation = true
skip_requesting_account_id = true skip_requesting_account_id = true
endpoints {
s3 = "https://${var.cloudflare_account_id}.r2.cloudflarestorage.com"
}
} }
provider "vultr" { provider "vultr" {
@ -70,23 +71,23 @@ provider "vultr" {
# } # }
resource "vultr_iso_private" "image" { resource "vultr_iso_private" "image" {
# url = "https://${var.cloudflare_account_id}.r2.cloudflarestorage.com/${data.aws_s3_bucket.images.id}/${aws_s3_object.image.key}" # url = "https://${var.cloudflare_account_id}.r2.cloudflarestorage.com/${data.aws_s3_bucket.images.id}/${aws_s3_object.image.key}"
url = "https://arrow.images.masu.rs/arrow.iso" url = "https://arrow.images.masu.rs/arrow.iso"
} }
resource "vultr_instance" "arrow" { resource "vultr_instance" "arrow" {
plan = "vc2-1c-2gb" plan = "vc2-1c-2gb"
region = "ewr" region = "ewr"
iso_id = vultr_iso_private.image.id iso_id = vultr_iso_private.image.id
label = "arrow" label = "arrow"
tags = ["arrow"] tags = ["arrow"]
enable_ipv6 = false enable_ipv6 = false
disable_public_ipv4 = false disable_public_ipv4 = false
backups = "disabled" backups = "disabled"
ddos_protection = false ddos_protection = false
activation_email = false activation_email = false
} }
output "host_ip" { output "host_ip" {
value = vultr_instance.arrow.main_ip value = vultr_instance.arrow.main_ip
} }
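Review bot: The now-empty `backend "s3" {}` leaves no record in this file of what `terraform init` must be given, and a backend block cannot read the new `cloudflare_r2_*` variables, so the state backend's R2 credentials have to arrive by a different route than the provider's. A short comment on the block would help, e.g. `# Partial configuration: bucket, key, endpoint and region are passed with -backend-config at init; credentials are read from the environment.` If credentials are ever passed with `-backend-config`, Terraform persists those values in the local `.terraform` directory and in plan files, so the environment is the safer route. The `cloudflare_r2_access_key` variable could also carry `sensitive = true`, since it is fed from a repository secret and pairs with the secret key.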


@ -103,7 +103,6 @@ inputs.nixpkgs.lib.nixosSystem {
mullvad.enable = false; mullvad.enable = false;
nixlang.enable = true; nixlang.enable = true;
rust.enable = true; rust.enable = true;
terraform.enable = true;
yt-dlp.enable = true; yt-dlp.enable = true;
gaming = { gaming = {
dwarf-fortress.enable = true; dwarf-fortress.enable = true;


@ -31,7 +31,7 @@ in {
src = prev.caddy.src; src = prev.caddy.src;
vendorHash = "sha256-zeuvCk7kZa/W/roC12faCQDav4RB8RT1dR2Suh2yjD8="; vendorHash = "sha256-woDPiGGSjophbmCyd30+JwWku0HQjBvNqGalkHuOiOA=";
overrideModAttrs = (_: { overrideModAttrs = (_: {
preBuild = '' preBuild = ''