dotfiles/nixos/systems/blowhole/uterranix.nix

{
  config,
  inputs',
  lib,
  config',
  pkgs,
  ...
}: let
  inherit
    (lib)
    singleton
    ;
in {
  imports = [inputs'.uterranix.nixosModules.default];

  uterranix.configurations.main = {
    config,
    tflib,
    ...
  }: let
    inherit
      (tflib)
      tf
      ;
  in {
    # terraform.required_providers =
    #   config'.flake.uterranix.config.${pkgs.stdenv.system}.terraform.required_providers;

    imports = config'.uterranix.modules;

    resource."vault_consul_secret_backend_role"."envoy-grafana" = {
      name = "envoy-grafana";

      backend = "consul";

      service_identities = [
        "grafana"
        "influx"
        "telegraf"
      ];

      node_identities = singleton "blowhole:homelab-1";
    };

    resource."consul_acl_policy"."envoy-blowhole" = {
      name = "envoy-blowhole";
      datacenters = singleton "homelab-1";

      rules = ''
        mesh = "write"
      '';
    };

    resource."vault_consul_secret_backend_role"."envoy-blowhole" = {
      name = "envoy-blowhole";
      backend = "consul";

      consul_policies = singleton (tf "consul_acl_policy.envoy-blowhole.name");

      service_identities = singleton "telegraf-blowhole";

      node_identities = [
        "blowhole:homelab-1"
      ];
    };

    resource."vault_consul_secret_backend_role"."envoy-klipper" = {
      name = "envoy-klipper";

      backend = "consul";

      service_identities = singleton "mainsail";

      node_identities = singleton "blowhole:homelab-1";
    };
  };
}
Possibly functional blowhole configuration Signed-off-by: Magic_RB <magic_rb@redalder.org> 2023-06-12 23:25:40 +02:00			`{`
Reformat the whole flake using alejandra Signed-off-by: magic_rb <magic_rb@redalder.org> 2024-03-02 22:05:30 +01:00			`config,`
			`inputs',`
			`lib,`
			`config',`
			`pkgs,`
			`...`
			`}: let`
			`inherit`
			`(lib)`
			`singleton`
			`;`
			`in {`
			`imports = [inputs'.uterranix.nixosModules.default];`

Switch to new `uterranix` version Signed-off-by: magic_rb <magic_rb@redalder.org> 2024-04-06 14:31:51 +02:00			`uterranix.configurations.main = {`
Reformat the whole flake using alejandra Signed-off-by: magic_rb <magic_rb@redalder.org> 2024-03-02 22:05:30 +01:00			`config,`
			`tflib,`
			`...`
			`}: let`
			`inherit`
			`(tflib)`
			`tf`
			`;`
			`in {`
Switch to new `uterranix` version Signed-off-by: magic_rb <magic_rb@redalder.org> 2024-04-06 14:31:51 +02:00			`# terraform.required_providers =`
			`# config'.flake.uterranix.config.${pkgs.stdenv.system}.terraform.required_providers;`
Reformat the whole flake using alejandra Signed-off-by: magic_rb <magic_rb@redalder.org> 2024-03-02 22:05:30 +01:00
			`imports = config'.uterranix.modules;`

			`resource."vault_consul_secret_backend_role"."envoy-grafana" = {`
			`name = "envoy-grafana";`

			`backend = "consul";`

			`service_identities = [`
			`"grafana"`
			`"influx"`
			`"telegraf"`
			`];`

			`node_identities = singleton "blowhole:homelab-1";`
			`};`

			`resource."consul_acl_policy"."envoy-blowhole" = {`
			`name = "envoy-blowhole";`
			`datacenters = singleton "homelab-1";`

			`rules = ''`
			`mesh = "write"`
			`'';`
			`};`

			`resource."vault_consul_secret_backend_role"."envoy-blowhole" = {`
			`name = "envoy-blowhole";`
			`backend = "consul";`

			`consul_policies = singleton (tf "consul_acl_policy.envoy-blowhole.name");`

			`service_identities = singleton "telegraf-blowhole";`

			`node_identities = [`
			`"blowhole:homelab-1"`
			`];`
			`};`

			`resource."vault_consul_secret_backend_role"."envoy-klipper" = {`
			`name = "envoy-klipper";`

			`backend = "consul";`

			`service_identities = singleton "mainsail";`

			`node_identities = singleton "blowhole:homelab-1";`
			`};`
			`};`
Possibly functional blowhole configuration Signed-off-by: Magic_RB <magic_rb@redalder.org> 2023-06-12 23:25:40 +02:00			`}`