dotfiles/nixos/systems/blowhole/uterranix.nix

{ config, inputs, lib, config', pkgs, ... }:
{
  imports = [ inputs.uterranix.nixosModules.default ];

  uterranix.config = { config, tflib, ... }:
    let
      inherit (tflib)
        tf;
    in
      {
        terraform.required_providers = ((a: builtins.break a) config'.flake.uterranix.config.${pkgs.stdenv.system}).terraform.required_providers;

        imports = config'.uterranix.modules;

        resource."vault_consul_secret_backend_role"."envoy-grafana" = {
          name = "envoy-grafana";

          backend = "consul";

          service_identities = [
            "grafana"
            "influx"
            "telegraf"
          ];

          node_identities = [
            "blowhole:homelab-1"
          ];
        };

        resource."consul_acl_policy"."envoy-blowhole" = {
          name = "envoy-blowhole";
          datacenters = [ "homelab-1" ];

          rules = ''
            mesh = "write"
          '';
        };

        resource."vault_consul_secret_backend_role"."envoy-blowhole" = {
          name = "envoy-blowhole";
          backend = "consul";

          consul_policies = [
            (tf "consul_acl_policy.envoy-blowhole.name")
          ];

          service_identities = [
            "telegraf-blowhole"
          ];

          node_identities = [
            "blowhole:homelab-1"
          ];
        };

        resource."vault_consul_secret_backend_role"."envoy-klipper" = {
          name = "envoy-klipper";

          backend = "consul";

          service_identities = [
            "mainsail"
          ];

          node_identities = [
            "blowhole:homelab-1"
          ];
        };
      };
}
Add new uterranix config Signed-off-by: Magic_RB <magic_rb@redalder.org> 2023-04-03 01:29:47 +02:00			`{ config, inputs, lib, config', pkgs, ... }:`
			`{`
			`imports = [ inputs.uterranix.nixosModules.default ];`

Use tf in blowhole uterranix config Signed-off-by: Magic_RB <magic_rb@redalder.org> 2023-04-03 02:12:16 +02:00			`uterranix.config = { config, tflib, ... }:`
			`let`
			`inherit (tflib)`
			`tf;`
			`in`
			`{`
			`terraform.required_providers = ((a: builtins.break a) config'.flake.uterranix.config.${pkgs.stdenv.system}).terraform.required_providers;`

			`imports = config'.uterranix.modules;`

			`resource."vault_consul_secret_backend_role"."envoy-grafana" = {`
			`name = "envoy-grafana";`

			`backend = "consul";`

			`service_identities = [`
			`"grafana"`
			`"influx"`
			`"telegraf"`
			`];`

			`node_identities = [`
			`"blowhole:homelab-1"`
			`];`
			`};`

			`resource."consul_acl_policy"."envoy-blowhole" = {`
			`name = "envoy-blowhole";`
			`datacenters = [ "homelab-1" ];`

			`rules = ''`
			`mesh = "write"`
			`'';`
			`};`

			`resource."vault_consul_secret_backend_role"."envoy-blowhole" = {`
			`name = "envoy-blowhole";`
			`backend = "consul";`

			`consul_policies = [`
			`(tf "consul_acl_policy.envoy-blowhole.name")`
			`];`

			`service_identities = [`
			`"telegraf-blowhole"`
			`];`

			`node_identities = [`
			`"blowhole:homelab-1"`
			`];`
			`};`
Move klipper into NixOS container Signed-off-by: Magic_RB <magic_rb@redalder.org> 2023-04-03 17:43:23 +02:00
			`resource."vault_consul_secret_backend_role"."envoy-klipper" = {`
			`name = "envoy-klipper";`

			`backend = "consul";`

			`service_identities = [`
			`"mainsail"`
			`];`

			`node_identities = [`
			`"blowhole:homelab-1"`
			`];`
			`};`
Use tf in blowhole uterranix config Signed-off-by: Magic_RB <magic_rb@redalder.org> 2023-04-03 02:12:16 +02:00			`};`
Add new uterranix config Signed-off-by: Magic_RB <magic_rb@redalder.org> 2023-04-03 01:29:47 +02:00			`}`