dotfiles/nixos/systems/blowhole/uterranix.nix

67 lines
1.6 KiB
Nix
Raw Normal View History

{ config, inputs', lib, config', pkgs, ... }:
let
inherit (lib)
singleton;
in
{
imports = [ inputs'.uterranix.nixosModules.default ];
uterranix.config = { config, tflib, ... }:
let
inherit (tflib)
tf;
in
{
terraform.required_providers =
config'.flake.uterranix.config.${pkgs.stdenv.system}.terraform.required_providers;
imports = config'.uterranix.modules;
resource."vault_consul_secret_backend_role"."envoy-grafana" = {
name = "envoy-grafana";
backend = "consul";
service_identities = [
"grafana"
"influx"
"telegraf"
];
node_identities = singleton "blowhole:homelab-1";
};
resource."consul_acl_policy"."envoy-blowhole" = {
name = "envoy-blowhole";
datacenters = singleton "homelab-1";
rules = ''
mesh = "write"
'';
};
resource."vault_consul_secret_backend_role"."envoy-blowhole" = {
name = "envoy-blowhole";
backend = "consul";
consul_policies = singleton (tf "consul_acl_policy.envoy-blowhole.name");
service_identities = singleton "telegraf-blowhole";
node_identities = [
"blowhole:homelab-1"
];
};
resource."vault_consul_secret_backend_role"."envoy-klipper" = {
name = "envoy-klipper";
backend = "consul";
service_identities = singleton "mainsail";
node_identities = singleton "blowhole:homelab-1";
};
};
}