Diffstat (limited to '')
| -rw-r--r-- | nix/scripts/common.nix | 89 |
1 files changed, 64 insertions, 25 deletions
diff --git a/nix/scripts/common.nix b/nix/scripts/common.nix
index 6aa73c2..b457ea2 100644
--- a/nix/scripts/common.nix
+++ b/nix/scripts/common.nix
@@ -1,4 +1,47 @@
 { pkgs }:
+let
+ tofuSetup = ''
+ tofu_setup() {
+ # Ensure bucket exists
+ ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets describe \
+ gs://fcuny-infra-tofu-state \
+ --project=fcuny-infra \
+ --quiet || \
+ ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets create \
+ gs://fcuny-infra-tofu-state \
+ --project=fcuny-infra \
+ --uniform-bucket-level-access \
+ --public-access-prevention \
+ --location=us-west1 \
+ --default-storage-class=STANDARD \
+ --quiet
+
+ # Setup temp directory
+ TMPDIR=$(mktemp -d)
+ trap 'rm -rf "$TMPDIR"' EXIT
+
+ # Install terraform configs
+ ${pkgs.coreutils}/bin/install -Dm 0644 ${
+ import ../tofu/backups.nix {
+ inherit pkgs;
+ }
+ } "$TMPDIR/backups/backups.tf.json"
+
+ ${pkgs.coreutils}/bin/install -Dm 0644 ${
+ import ../tofu/dns.nix {
+ inherit pkgs;
+ }
+ } "$TMPDIR/cloudflare/cloudflare-dns.tf.json"
+
+ # Initialize both workspaces
+ ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" init
+ ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/cloudflare" init
+
+ # Fetch Cloudflare API token
+ CLOUDFLARE_API_TOKEN=$(${pkgs._1password-cli}/bin/op --account my.1password.com read "op://Private/mcwt3evuidhalk3dfz4tqpzdpa/credential")
+ }
+ '';
+in
 [
 (pkgs.writeScriptBin "update-deps" "nix flake update --commit-lock-file")
 
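Review bot: The `CLOUDFLARE_API_TOKEN=$(... op ... read ...)` assignment at the end of `tofu_setup` runs inside callers that start with `set -xeuo pipefail` (tofu-plan and tofu-apply in the second hunk), and xtrace echoes the expanded assignment — the secret value itself — to stderr, where it lands in any captured log. Turn tracing off around the read and export the variable once, so the `CLOUDFLARE_API_TOKEN="$CLOUDFLARE_API_TOKEN" tofu ...` prefixes in the second hunk (which xtrace expands the same way) can be dropped: `set +x`, then the existing assignment followed by `export CLOUDFLARE_API_TOKEN`, then `set -x`. Because the function also reassigns the global `TMPDIR` and installs the EXIT trap the callers depend on, a header comment would help a reader of the calling scripts, e.g. `# Sets TMPDIR (removed on EXIT) and CLOUDFLARE_API_TOKEN for the calling script`.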
@@ -10,33 +53,29 @@ ${pkgs.google-cloud-sdk}/bin/gcloud auth application-default login --quiet '') + (pkgs.writeShellScriptBin "tofu-plan" '' + set -xeuo pipefail + + ${tofuSetup} + tofu_setup + + echo "=== Planning backups ===" + ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" plan + + echo "=== Planning cloudflare ===" + CLOUDFLARE_API_TOKEN="$CLOUDFLARE_API_TOKEN" ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/cloudflare" plan + '') + (pkgs.writeShellScriptBin "tofu-apply" '' set -xeuo pipefail - ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets describe \ - gs://fcuny-infra-tofu-state \ - --project=fcuny-infra \ - --quiet || \ - ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets create \ - gs://fcuny-infra-tofu-state \ - --project=fcuny-infra \ - --uniform-bucket-level-access \ - --public-access-prevention \ - --location=us-west1 \ - --default-storage-class=STANDARD \ - --quiet - - TMPDIR=$(mktemp -d) - trap 'rm -rf "$TMPDIR"' EXIT - - ${pkgs.coreutils}/bin/install -Dm 0644 ${ - import ../tofu/backups.nix { - inherit - pkgs - ; - } - } "$TMPDIR/backups/backups.tf.json" - - ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" init + + ${tofuSetup} + tofu_setup + + echo "=== Applying backups ===" ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" apply -auto-approve + + echo "=== Applying cloudflare ===" + CLOUDFLARE_API_TOKEN="$CLOUDFLARE_API_TOKEN" ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/cloudflare" apply -auto-approve '') ] |
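Review bot: tofu-apply runs `apply -auto-approve` against a config freshly rendered into its own mktemp directory, so what it applies is not the plan tofu-plan displayed — nothing is written with `-out` and the directory is deleted on exit — and none of the four plan/apply invocations passes `-input=false`, so a variable or backend setting that is missing may prompt on stdin instead of failing under `set -e`. Adding `-input=false` to the `plan` and `apply -auto-approve` lines (e.g. `${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" apply -input=false -auto-approve`) keeps both scripts non-interactive; the two `init` calls in `tofu_setup` in the first hunk would take the same flag. If the intent is that tofu-apply only ever applies a reviewed plan, that needs a plan file that survives tofu-plan's `rm -rf "$TMPDIR"` trap, which the current layout does not provide.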
