aboutsummaryrefslogblamecommitdiff
path: root/terraform/admin/droplet-proxy.nix
blob: 51ad138eb6f986e1729740570252da12282620b0 (plain) (tree) 
145e1da

























































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

























































































                                                                                    
{ lib, pkgs, ... }:
let
  serverSize = "s-2vcpu-2gb";

  extraFilesScript = pkgs.writeShellScript "extra-files-script" ''
    #!/usr/bin/env bash
    set -euo pipefail

    mkdir -p etc/ssh/

    if [ -n "''${DO_SSH_HOSTKEY:-}" ]; then
      echo "Setting up SSH host key from environment"
      echo "$DO_SSH_HOSTKEY" | base64 -d > etc/ssh/ssh_host_ed25519_key
      chmod 0600 etc/ssh/ssh_host_ed25519_key
    else
      echo "Warning: DO_SSH_HOSTKEY environment variable not set"
    fi
  '';

in
{
  provider.digitalocean = {
    # Token will be read from DIGITALOCEAN_TOKEN environment variable
  };

  resource = {
    # Random string for unique naming
    random_string.host = {
      length = 6;
      special = false;
      upper = false;
    };

    digitalocean_ssh_key.default = {
      name = "nixos-anywhere-\${random_string.host.result}";
      public_key = lib.tfRef "var.digitalocean_public_key";
    };

    digitalocean_droplet.nixos = {
      name = "nixos-\${random_string.host.result}";
      image = "ubuntu-24-04-x64"; # Bootstrap image
      size = serverSize;
      region = lib.tfRef "var.digitalocean_region";
      ssh_keys = [ "\${digitalocean_ssh_key.default.id}" ];
      tags = [
        "nixos"
        "infrastructure"
      ];
    };
  };

  module = {
    nixos-system-build = {
      source = "github.com/nix-community/nixos-anywhere//terraform/nix-build";
      attribute = ".#nixosConfigurations.do-rproxy.config.system.build.toplevel";
    };

    nixos-disko = {
      source = "github.com/nix-community/nixos-anywhere//terraform/nix-build";
      attribute = ".#nixosConfigurations.do-rproxy.config.system.build.diskoScript";
    };

    nixos-install = {
      source = "github.com/nix-community/nixos-anywhere//terraform/install";
      nixos_system = "\${module.nixos-system-build.result.out}";
      nixos_partitioner = "\${module.nixos-disko.result.out}";
      target_host = "\${digitalocean_droplet.nixos.ipv4_address}";
      build_on_remote = true;
      extra_files_script = toString extraFilesScript;
    };
  };

  output = {
    server_ip = {
      description = "IP address of the NixOS server";
      value = "\${digitalocean_droplet.nixos.ipv4_address}";
    };

    ssh_command = {
      description = "SSH command to connect to the server";
      value = "ssh root@\${digitalocean_droplet.nixos.ipv4_address}";
    };

    server_name = {
      description = "Name of the created server";
      value = "\${digitalocean_droplet.nixos.name}";
    };
  };
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 08:29:26 +0000