{ lib, pkgs, ... }:
let
  # DigitalOcean size slug for the droplet (2 vCPU / 2 GB); passed through to
  # `digitalocean_droplet.nixos.size` below.
  serverSize = "s-2vcpu-2gb";

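  # Staging hook for the nixos-anywhere install module: it runs on the machine
  # executing Terraform (not on the droplet), and whatever it writes into its
  # working directory is handed to the target by `module.nixos-install`.
  # The host key is read from the environment at run time rather than
  # interpolated into this string on purpose: the script itself ends up in
  # the world-readable Nix store, so a key baked into it would be exposed to
  # every local user.  (writeShellScript supplies the shebang; a second one
  # inside the body would only be a comment.)
  extraFilesScript = pkgs.writeShellScript "extra-files-script" ''
    set -euo pipefail

    # Created under the caller's umask so the directory keeps a normal mode;
    # only the key file below must be private.
    mkdir -p etc/ssh/

    if [ -n "''${DO_SSH_HOSTKEY:-}" ]; then
      echo "Setting up SSH host key from environment"
      # Clamp the umask before the redirect creates the file: a bare `> file`
      # followed by chmod leaves a window in which the key is readable under
      # the default umask.  Nothing after this point depends on the umask.
      umask 077
      # printf passes the payload through verbatim (echo may interpret flags
      # or escapes); with pipefail a malformed payload makes base64 fail and
      # aborts the run instead of silently installing garbage.
      printf '%s\n' "$DO_SSH_HOSTKEY" | base64 -d > etc/ssh/ssh_host_ed25519_key
      chmod 0600 etc/ssh/ssh_host_ed25519_key
      # base64 accepts an empty payload; an empty key file would only fail
      # later when sshd starts on the target, so reject it here.
      if [ ! -s etc/ssh/ssh_host_ed25519_key ]; then
        echo "Error: DO_SSH_HOSTKEY decoded to an empty host key" >&2
        exit 1
      fi
    else
      # Without a pinned key the target presumably generates its own on first
      # boot, so any known_hosts entry recorded for this address stops
      # matching and clients see a changed-host-key warning.
      echo "Warning: DO_SSH_HOSTKEY environment variable not set" >&2
    fi
  '';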

in
{
  provider.digitalocean = {
    # Intentionally empty: with no `token` attribute here the provider reads
    # DIGITALOCEAN_TOKEN from the environment, which keeps the credential out
    # of this file and out of the generated Terraform JSON.
  };

  resource =
    let
      # Random suffix shared by the key and droplet names so that repeated
      # applies in one account do not collide.
      suffix = lib.tfRef "random_string.host.result";
    in
    {
      random_string.host = {
        length = 6;
        upper = false;
        special = false;
      };

      # Only the public half is ever handed to DigitalOcean; the matching
      # private key stays with whoever runs `terraform apply`.
      digitalocean_ssh_key.default = {
        name = "nixos-anywhere-" + suffix;
        public_key = lib.tfRef "var.digitalocean_public_key";
      };

      digitalocean_droplet.nixos = {
        name = "nixos-" + suffix;
        # Bootstrap image only: nixos-anywhere replaces it with the NixOS
        # system built by the modules below.
        image = "ubuntu-24-04-x64";
        size = serverSize;
        region = lib.tfRef "var.digitalocean_region";
        # Root login on the bootstrap image is by this key alone.
        ssh_keys = [ (lib.tfRef "digitalocean_ssh_key.default.id") ];
        tags = [ "nixos" "infrastructure" ];
        # NOTE(review): no digitalocean_firewall or VPC is attached in this
        # file, so the droplet is reachable on every port the NixOS config
        # opens — confirm the firewall is defined elsewhere.
      };
    };

  module =
    let
      # Both nix-build modules evaluate outputs of the same flake config.
      buildAttrs = ".#nixosConfigurations.do-rproxy.config.system.build";
      # NOTE(review): the source carries no `?ref=`, so each `terraform init`
      # resolves the repository's default branch — pin a tag or commit hash
      # before relying on this outside of experiments.
      upstream = "github.com/nix-community/nixos-anywhere";
    in
    {
      nixos-system-build = {
        source = "${upstream}//terraform/nix-build";
        attribute = "${buildAttrs}.toplevel";
      };

      nixos-disko = {
        source = "${upstream}//terraform/nix-build";
        attribute = "${buildAttrs}.diskoScript";
      };

      # Installs over SSH as root on the freshly created droplet.  With
      # build_on_remote the system closure is built on the target itself,
      # so the droplet needs outbound network access for that build.
      nixos-install = {
        source = "${upstream}//terraform/install";
        nixos_system = lib.tfRef "module.nixos-system-build.result.out";
        nixos_partitioner = lib.tfRef "module.nixos-disko.result.out";
        target_host = lib.tfRef "digitalocean_droplet.nixos.ipv4_address";
        build_on_remote = true;
        # Store path of the staging script; it reads DO_SSH_HOSTKEY at run
        # time, so no secret is embedded in the path's contents.
        extra_files_script = toString extraFilesScript;
      };
    };

  output =
    let
      ip = lib.tfRef "digitalocean_droplet.nixos.ipv4_address";
    in
    {
      server_ip = {
        description = "IP address of the NixOS server";
        value = ip;
      };

      # Convenience only; the first connection still has to verify the host
      # key (known in advance only when DO_SSH_HOSTKEY was supplied).
      ssh_command = {
        description = "SSH command to connect to the server";
        value = "ssh root@" + ip;
      };

      server_name = {
        description = "Name of the created server";
        value = lib.tfRef "digitalocean_droplet.nixos.name";
      };
    };
}