| -rw-r--r-- | nix/scripts/common.nix | 38 | ||||
| -rw-r--r-- | nix/tofu/backups.nix | 42 |
2 files changed, 80 insertions, 0 deletions
diff --git a/nix/scripts/common.nix b/nix/scripts/common.nix
index 931480c..6aa73c2 100644
--- a/nix/scripts/common.nix
+++ b/nix/scripts/common.nix
@@ -1,4 +1,42 @@
 { pkgs }: [ (pkgs.writeScriptBin "update-deps" "nix flake update --commit-lock-file")
+
+ (pkgs.writeShellScriptBin "gcloud-auth" ''
+ set -xeuo pipefail
+ ${pkgs.google-cloud-sdk}/bin/gcloud auth print-identity-token > /dev/null 2>&1 || \
+ ${pkgs.google-cloud-sdk}/bin/gcloud auth login --quiet
+ ${pkgs.google-cloud-sdk}/bin/gcloud auth application-default print-access-token > /dev/null 2>&1 || \
+ ${pkgs.google-cloud-sdk}/bin/gcloud auth application-default login --quiet
+ '')
+
+ (pkgs.writeShellScriptBin "tofu-apply" ''
+ set -xeuo pipefail
+ ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets describe \
+ gs://fcuny-infra-tofu-state \
+ --project=fcuny-infra \
+ --quiet || \
+ ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets create \
+ gs://fcuny-infra-tofu-state \
+ --project=fcuny-infra \
+ --uniform-bucket-level-access \
+ --public-access-prevention \
+ --location=us-west1 \
+ --default-storage-class=STANDARD \
+ --quiet
+
+ TMPDIR=$(mktemp -d)
+ trap 'rm -rf "$TMPDIR"' EXIT
+
+ ${pkgs.coreutils}/bin/install -Dm 0644 ${
+ import ../tofu/backups.nix {
+ inherit
+ pkgs
+ ;
+ }
+ } "$TMPDIR/backups/backups.tf.json"
+
+ ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" init
+ ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" apply -auto-approve
+ '')
 ]
diff --git a/nix/tofu/backups.nix b/nix/tofu/backups.nix
new file mode 100644
index 0000000..e76ed2e
--- /dev/null
+++ b/nix/tofu/backups.nix
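Review bot: The `tofu init` call in the `tofu-apply` script of nix/scripts/common.nix runs inside a fresh `mktemp -d` directory that the EXIT trap removes, so the `.terraform.lock.hcl` it writes is thrown away and every run resolves and downloads the google provider again with no recorded checksums to compare against. The generated `backups.tf.json` carries no `required_providers` constraint either, so `apply -auto-approve` executes whichever provider release the registry serves at that moment, presumably with the credentials set up by `gcloud-auth`. I would commit a lock file, install it beside the config (`${pkgs.coreutils}/bin/install -Dm 0644 <committed-lock-file> "$TMPDIR/backups/.terraform.lock.hcl"`), and change the init line to `${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" init -lockfile=readonly`. Separately, `TMPDIR=$(mktemp -d)` rebinds the variable that mktemp and child processes consult for their own temporary files; a local name such as `workdir` avoids that side effect.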
@@ -0,0 +1,42 @@
+{
+ pkgs,
+}:
+pkgs.writeTextFile {
+ name = "backups.tf.json";
+ text = builtins.toJSON ([
+ {
+ terraform = {
+ backend = {
+ gcs = {
+ bucket = "fcuny-infra-tofu-state";
+ prefix = "backups";
+ };
+ };
+ };
+ }
+ {
+ provider = {
+ google = [
+ {
+ project = "fcuny-infra";
+ region = "us-west1";
+ }
+ ];
+ };
+ }
+ {
+ resource = {
+ google_storage_bucket = {
+ "backups" = {
+ name = "fcuny-infra-backups";
+ location = "us-west1";
+ uniform_bucket_level_access = true;
+ force_destroy = true;
+ public_access_prevention = "enforced";
+ storage_class = "NEARLINE";
+ };
+ };
+ };
+ }
+ ]);
+} |
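Review bot: `force_destroy = true` on the `backups` bucket means a destroy or a forced replacement (for example after a change to `name` or `location`) deletes the bucket together with every object in it, and the `tofu-apply` wrapper in nix/scripts/common.nix applies with `-auto-approve`, so no plan is shown before that happens. For a bucket that holds backups I would set `force_destroy = false;` and add `lifecycle = { prevent_destroy = true; };` so that such a plan fails instead of running. `versioning = { enabled = true; };` would additionally keep overwritten or deleted objects recoverable. The state bucket created by `gcloud storage buckets create` in the first hunk is in the same position: no versioning is requested there, and it can be turned on with `gcloud storage buckets update --versioning`.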
