dotfiles/terranix/main/toothpick.nix

78 lines
1.9 KiB
Nix
Raw Normal View History

{
uterranix-lib,
config,
...
}: let
inherit
(uterranix-lib)
tf
;
paths.consul = {
encryption_key = "do-1/toothpick/consul/encryption_key";
agent_token = "do-1/toothpick/consul/agent_token";
anonymous_token = "do-1/toothpick/consul/anonymous_token";
replication_token = "do-1/toothpick/consul/replication_token";
};
paths.nomad = {
encryption_key = "do-1/toothpick/nomad/encryption_key";
vault_token = "do-1/toothpick/nomad/vault_token";
consul_token = "do-1/toothpick/nomad/consul_token";
replication_token = "do-1/toothpick/nomad/replication_token";
};
vaultKvMount = config.resource."vault_mount"."kv".path;
in {
prefab.consulAgent."toothpick" = {
datacenter = "do-1";
replicationDatacenters = ["homelab-1"];
inherit vaultKvMount;
paths = {
encryptionKey = paths.consul.encryption_key;
agentToken = paths.consul.agent_token;
anonymousToken = paths.consul.anonymous_token;
replicationToken = paths.consul.replication_token;
};
encryptionKey = tf "random_id.do-1_consul_encryption_key.b64_std";
anonymousToken = {
secret = tf "data.consul_acl_token_secret_id.anonymous.secret_id";
accessor = tf "consul_acl_token.anonymous.id";
};
};
prefab.nomadServer."toothpick" = {
datacenters = ["do-1"];
inherit vaultKvMount;
encryptionKey = tf "random_id.nomad_encryption_key.b64_std";
paths = {
encryptionKey = paths.nomad.encryption_key;
vaultToken = paths.nomad.vault_token;
consulToken = paths.nomad.consul_token;
replicationToken = paths.nomad.replication_token;
};
};
prefab.pushApproles."toothpick" = {
host = "10.64.0.1";
user = "main";
policies = [
(tf "vault_policy.toothpick_consul.name")
(tf "vault_policy.toothpick_nomad.name")
];
metadata = {
"ip_address" = "redalder.org";
};
approlePath = tf "vault_auth_backend.approle.path";
};
}