| author | Franck Cuny <franck@fcuny.net> | 2025-08-10 13:56:28 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-08-10 13:56:28 -0700 |
| commit | 8247d060a6cae65b2d63fd6bd3bf19ed9e66214c (patch) | |
| tree | b76329f5b7cc145d2f7bf5d8fd584790e18875f9 /scripts | |
| parent | flake.lock: Update (diff) | |
| download | infra-8247d060a6cae65b2d63fd6bd3bf19ed9e66214c.tar.gz | |
manage a DigitalOcean virtual machine with nixos
Add a new machine on DigitalOcean and provision it using terraform +
nixos-anywhere. This takes care of bringing the machine up on nixos
completely, and uses a static SSH host key in order to configure
wireguard at the same time.
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/default.nix | 4 | ||||
| -rw-r--r-- | scripts/infra.nix | 79 |
2 files changed, 0 insertions, 83 deletions
diff --git a/scripts/default.nix b/scripts/default.nix
index bf91760..90851df 100644
--- a/scripts/default.nix
+++ b/scripts/default.nix
@@ -2,23 +2,19 @@ pkgs, system, inputs, - self, }: let common = import ./common.nix { inherit pkgs; }; - infra = import ./infra.nix { inherit self pkgs; }; darwin = import ./darwin.nix { inherit pkgs system inputs; }; linux = import ./linux.nix { inherit pkgs system inputs; }; in { common = common; - infra = infra; darwin = if pkgs.lib.hasSuffix "darwin" system then darwin else [ ]; linux = if pkgs.lib.hasSuffix "linux" system then linux else [ ]; all = common ++ infra ++ (if pkgs.lib.hasSuffix "darwin" system then darwin else [ ]) ++ (if pkgs.lib.hasSuffix "linux" system then linux else [ ]); }
diff --git a/scripts/infra.nix b/scripts/infra.nix
deleted file mode 100644
index aa9b0d6..0000000
--- a/scripts/infra.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ self, pkgs }:
-let
- tofuSetup = ''
- tofu_setup() {
- # Ensure bucket exists
- ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets describe \
- gs://fcuny-infra-tofu-state \
- --project=fcuny-infra \
- --quiet || \
- ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets create \
- gs://fcuny-infra-tofu-state \
- --project=fcuny-infra \
- --uniform-bucket-level-access \
- --public-access-prevention \
- --location=us-west1 \
- --default-storage-class=STANDARD \
- --quiet
-
- # Setup temp directory
- TMPDIR=$(mktemp -d)
- trap 'rm -rf "$TMPDIR"' EXIT
-
- # Install terraform configs
- ${pkgs.coreutils}/bin/install -Dm 0644 ${
- import "${self}/infra/tf/backups.nix" {
- inherit pkgs;
- }
- } "$TMPDIR/backups/backups.tf.json"
-
- ${pkgs.coreutils}/bin/install -Dm 0644 ${
- import "${self}/infra/tf/dns.nix" {
- inherit pkgs;
- }
- } "$TMPDIR/cloudflare/cloudflare-dns.tf.json"
-
- # Initialize both workspaces
- ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" init
- ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/cloudflare" init
-
- # Fetch Cloudflare API token
- CLOUDFLARE_API_TOKEN=$(${pkgs._1password-cli}/bin/op --account my.1password.com read "op://Private/mcwt3evuidhalk3dfz4tqpzdpa/credential")
- }
- '';
-in
-[
- (pkgs.writeShellScriptBin "gcloud-auth" ''
- set -xeuo pipefail
- ${pkgs.google-cloud-sdk}/bin/gcloud auth print-identity-token > /dev/null 2>&1 || \
- ${pkgs.google-cloud-sdk}/bin/gcloud auth login --quiet
- ${pkgs.google-cloud-sdk}/bin/gcloud auth application-default print-access-token > /dev/null 2>&1 || \
- ${pkgs.google-cloud-sdk}/bin/gcloud auth application-default login --quiet
- '')
-
- (pkgs.writeShellScriptBin "tf-plan" ''
- set -xeuo pipefail
-
- ${tofuSetup}
- tofu_setup
-
- echo "=== Planning backups ==="
- ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" plan
-
- echo "=== Planning cloudflare ==="
- CLOUDFLARE_API_TOKEN="$CLOUDFLARE_API_TOKEN" ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/cloudflare" plan
- '')
-
- (pkgs.writeShellScriptBin "tf-apply" ''
- set -xeuo pipefail
-
- ${tofuSetup}
- tofu_setup
-
- echo "=== Applying backups ==="
- ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" apply -auto-approve
-
- echo "=== Applying cloudflare ==="
- CLOUDFLARE_API_TOKEN="$CLOUDFLARE_API_TOKEN" ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/cloudflare" apply -auto-approve
- '')
-] |
