From 4c0ec2db80afadf9cc4cd48a8cb881f5242da508 Mon Sep 17 00:00:00 2001 From: r17x Date: Mon, 26 Dec 2022 23:37:28 +0700 Subject: [PATCH 01/18] chore: update git ignores --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index bdeb823..fc210c9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ -.envrc .terraform terraform.tfstate terraform.tfstate.* @@ -8,5 +7,6 @@ terraform.tfstate.* ### direnv ### .direnv +.envrc # End of https://www.toptal.com/developers/gitignore/api/direnv From 49d7eb2eecca5612c4388d3f012ab9d67294ab5b Mon Sep 17 00:00:00 2001 From: r17x Date: Tue, 27 Dec 2022 14:16:21 +0700 Subject: [PATCH 02/18] feat: use flake and terranix this changes not breaking our workflow: * nix-shell refer to shell.nix * nix develop refer to flake.nix#devShells * TODO: rewrite *.tf to .nix --- .envrc.example | 4 ++ .gitignore | 4 +- flake.lock | 146 +++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 72 ++++++++++++++++++++++++ shell.nix | 27 ++++----- 5 files changed, 239 insertions(+), 14 deletions(-) create mode 100644 flake.lock create mode 100644 flake.nix diff --git a/.envrc.example b/.envrc.example index b682864..a12bd52 100644 --- a/.envrc.example +++ b/.envrc.example @@ -1,5 +1,9 @@ +# legacy nix use_nix +# 👇 uncomment when you want to use flake +# use flake + export TF_VAR_do_token= export TF_VAR_linode_token= export TF_VAR_namecheap_username= diff --git a/.gitignore b/.gitignore index fc210c9..85b4231 100644 --- a/.gitignore +++ b/.gitignore @@ -6,7 +6,9 @@ terraform.tfstate.* # Edit at https://www.toptal.com/developers/gitignore?templates=direnv ### direnv ### -.direnv .envrc +.direnv # End of https://www.toptal.com/developers/gitignore/api/direnv +result +config.tf.json diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..dbc23d6 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,146 @@ +{ + "nodes": { + "bats-assert": { + "flake": false, + "locked": { + "lastModified": 1636059754, + "narHash": "sha256-ewME0l27ZqfmAwJO4h5biTALc9bDLv7Bl3ftBzBuZwk=", + "owner": "bats-core", + "repo": "bats-assert", + "rev": "34551b1d7f8c7b677c1a66fc0ac140d6223409e5", + "type": "github" + }, + "original": { + "owner": "bats-core", + "repo": "bats-assert", + "type": "github" + } + }, + "bats-support": { + "flake": false, + "locked": { + "lastModified": 1548869839, + "narHash": "sha256-Gr4ntadr42F2Ks8Pte2D4wNDbijhujuoJi4OPZnTAZU=", + "owner": "bats-core", + "repo": "bats-support", + "rev": "d140a65044b2d6810381935ae7f0c94c7023c8c3", + "type": "github" + }, + "original": { + "owner": "bats-core", + "repo": "bats-support", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1634851050, + "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1672118464, + "narHash": "sha256-9HazGmFe84C6QU4GsnGhNj3p7sNN6W/mHTPcXZBPePs=", + "owner": "nixos", + "repo": 
"nixpkgs", + "rev": "e6b0c03ff4dab85a1e2036937672c53fbb8295ab", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "terranix": "terranix" + } + }, + "terranix": { + "inputs": { + "bats-assert": "bats-assert", + "bats-support": "bats-support", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ], + "terranix-examples": "terranix-examples" + }, + "locked": { + "lastModified": 1662478785, + "narHash": "sha256-5s9YFvbYMp8x0uoXM/jOCPPdjau6+4zeK/rGRkXBdx0=", + "owner": "terranix", + "repo": "terranix", + "rev": "fa51201238fd2a739d2e3dacefd985ff348107f9", + "type": "github" + }, + "original": { + "owner": "terranix", + "repo": "terranix", + "type": "github" + } + }, + "terranix-examples": { + "locked": { + "lastModified": 1636300201, + "narHash": "sha256-0n1je1WpiR6XfCsvi8ZK7GrpEnMl+DpwhWaO1949Vbc=", + "owner": "terranix", + "repo": "terranix-examples", + "rev": "a934aa1cf88f6bd6c6ddb4c77b77ec6e1660bd5e", + "type": "github" + }, + "original": { + "owner": "terranix", + "repo": "terranix-examples", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..0dcc3e2 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,72 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs";
+
+ # terranix modules
+ terranix = {
+ url = "github:terranix/terranix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # Other sources / nix utilities
+ flake-compat = { url = "github:edolstra/flake-compat"; flake = false; };
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+
+ outputs = { self, nixpkgs, flake-utils, terranix, flake-compat }:
+ flake-utils.lib.eachDefaultSystem (system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ terraform = pkgs.terraform;
+ terraformConfiguration = terranix.lib.terranixConfiguration {
+ inherit system;
+ modules = [
+ # TODO rewrite *.tf to .nix
+ # see https://terranix.org/documentation/terranix-vs-hcl/
+ ];
+ };
+ in
+ {
+ defaultPackage = terraformConfiguration;
+
+ # nix develop
+ devShell = pkgs.mkShell {
+ buildInputs = with pkgs;[
+ terraform
+ terranix.defaultPackage.${system}
+
+ tfsec
+ terrascan
+
+ ripgrep
+ bat
+ ];
+ };
+
+ # nix run ".#apply"
+ apps.apply = {
+ type = "app";
+ program = toString (pkgs.writers.writeBash "apply" ''
+ if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
+ cp ${terraformConfiguration} config.tf.json \
+ && ${terraform}/bin/terraform init \
+ && ${terraform}/bin/terraform apply
+ '');
+ };
+
+ # nix run ".#destroy"
+ apps.destroy = {
+ type = "app";
+ program = toString (pkgs.writers.writeBash "destroy" ''
+ if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
+ cp ${terraformConfiguration} config.tf.json \
+ && ${terraform}/bin/terraform init \
+ && ${terraform}/bin/terraform destroy
+ '');
+ };
+
+ # nix run
+ # every run will be generated config.tf.json
+ defaultApp = self.apps.${system}.apply;
+ });
+}
diff --git a/shell.nix b/shell.nix
index e95205e..8e44d12 100644
--- a/shell.nix
+++ b/shell.nix
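Review bot: In the new flake.nix, `defaultApp = self.apps.${system}.apply;` makes a bare `nix run` execute `terraform init` and `terraform apply` with whatever provider tokens are exported in the shell (the `TF_VAR_*` values from `.envrc`), so terraform's own confirmation prompt is the only stop before a real change. I would drop the `defaultApp` line so that applying always has to be requested by name with `nix run ".#apply"`, or point the default at a read-only app if one is added. The `apply` and `destroy` scripts are identical except for the last subcommand and could come from one small helper in the `let` block. The comment `# every run will be generated config.tf.json` would read better as `# every run regenerates config.tf.json in the working directory`.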
@@ -1,13 +1,14 @@ -with import {}; - -pkgs.mkShell { - name = "area13"; - - buildInputs = [ - terraform - tfsec - terrascan - ripgrep - bat - ]; -} +# See https://nixos.wiki/wiki/Flakes#Using_flakes_project_from_a_legacy_Nix +(import + ( + let + lock = builtins.fromJSON (builtins.readFile ./flake.lock); + in + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } + ) + { + src = ./.; + }).shellNix From af9d13f138abd09dc937cc8e5b1f726223f57175 Mon Sep 17 00:00:00 2001 From: r17x Date: Tue, 27 Dec 2022 16:11:54 +0700 Subject: [PATCH 03/18] chore: add nix flake check for check source --- flake.lock | 16 +++++++ flake.nix | 119 +++++++++++++++++++++++++++++++---------------------- 2 files changed, 85 insertions(+), 50 deletions(-) diff --git a/flake.lock b/flake.lock index dbc23d6..df1de87 100644 --- a/flake.lock +++ b/flake.lock @@ -78,6 +78,21 @@ "type": "github" } }, + "nix-filter": { + "locked": { + "lastModified": 1666547822, + "narHash": "sha256-razwnAybPHyoAyhkKCwXdxihIqJi1G6e1XP4FQOJTEs=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "1a3b735e13e90a8d2fd5629f2f8363bd7ffbbec7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-filter", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1672118464, @@ -97,6 +112,7 @@ "inputs": { "flake-compat": "flake-compat", "flake-utils": "flake-utils", + "nix-filter": "nix-filter", "nixpkgs": "nixpkgs", "terranix": "terranix" } diff --git a/flake.nix b/flake.nix index 0dcc3e2..3dae420 100644 --- a/flake.nix +++ b/flake.nix 
@@ -11,62 +11,81 @@ # Other sources / nix utilities flake-compat = { url = "github:edolstra/flake-compat"; flake = false; }; flake-utils.url = "github:numtide/flake-utils"; + nix-filter.url = "github:numtide/nix-filter"; }; - outputs = { self, nixpkgs, flake-utils, terranix, flake-compat }: - flake-utils.lib.eachDefaultSystem (system: - let - pkgs = nixpkgs.legacyPackages.${system}; - terraform = pkgs.terraform; - terraformConfiguration = terranix.lib.terranixConfiguration { - inherit system; - modules = [ - # TODO rewrite *.tf to .nix - # see https://terranix.org/documentation/terranix-vs-hcl/ - ]; - }; - in - { - defaultPackage = terraformConfiguration; + outputs = { self, nixpkgs, flake-utils, terranix, flake-compat, nix-filter }: + flake-utils.lib.eachDefaultSystem + (system: + let + pkgs = nixpkgs.legacyPackages.${system}; + terraform = pkgs.terraform; + terraformConfiguration = terranix.lib.terranixConfiguration { + inherit system; + modules = [ + # TODO rewrite *.tf to .nix + # see https://terranix.org/documentation/terranix-vs-hcl/ + ]; + }; + sources.nix = nix-filter.lib { + root = ./.; + include = [ + (nix-filter.lib.matchExt "nix") + ]; + }; + in + { + defaultPackage = terraformConfiguration; - # nix develop - devShell = pkgs.mkShell { - buildInputs = with pkgs;[ - terraform - terranix.defaultPackage.${system} + # nix develop + devShells.default = pkgs.mkShell { + buildInputs = with pkgs;[ + terraform + terranix.defaultPackage.${system} - tfsec - terrascan + tfsec + terrascan - ripgrep - bat - ]; - }; + ripgrep + bat + ]; + }; - # nix run ".#apply" - apps.apply = { - type = "app"; - program = toString (pkgs.writers.writeBash "apply" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${terraform}/bin/terraform init \ - && ${terraform}/bin/terraform apply - ''); - }; + # nix run ".#apply" + apps.apply = { + type = "app"; + program = toString (pkgs.writers.writeBash "apply" '' + if [[ -e 
config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${terraform}/bin/terraform init \ + && ${terraform}/bin/terraform apply + ''); + }; - # nix run ".#destroy" - apps.destroy = { - type = "app"; - program = toString (pkgs.writers.writeBash "destroy" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${terraform}/bin/terraform init \ - && ${terraform}/bin/terraform destroy - ''); - }; + # nix run ".#destroy" + apps.destroy = { + type = "app"; + program = toString (pkgs.writers.writeBash "destroy" '' + if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${terraform}/bin/terraform init \ + && ${terraform}/bin/terraform destroy + ''); + }; - # nix run - # every run will be generated config.tf.json - defaultApp = self.apps.${system}.apply; - }); + # nix flake check + checks.${system} = + pkgs.runCommand "check-nixpkgs-fmt" + { nativeBuildInputs = [ pkgs.nixpkgs-fmt ]; } + '' + echo "checking nix formatting" + nixpkgs-fmt --check ${sources.nix} + touch $out + ''; + + + # nix run + # every run will be generated config.tf.json + defaultApp = self.apps.${system}.apply; + }); } From d738118365f9963339acfd9df2a144a624a56746 Mon Sep 17 00:00:00 2001 From: r17x Date: Wed, 28 Dec 2022 10:12:32 +0700 Subject: [PATCH 04/18] chore: enable pre-commit when run nix-shell or nix develop --- .gitignore | 3 ++ flake.lock | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 26 +++++++++------ 3 files changed, 114 insertions(+), 10 deletions(-) diff --git a/.gitignore b/.gitignore index 85b4231..9900e29 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,6 @@ terraform.tfstate.* # End of https://www.toptal.com/developers/gitignore/api/direnv result config.tf.json + +# ignored generated precommit config by nix-precommit +/.pre-commit-config.yaml 
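Review bot: `checks.${system} = pkgs.runCommand ...` sits inside `flake-utils.lib.eachDefaultSystem`, which already adds the system level to every output, so the check ends up at `checks.<system>.<system>` rather than under a descriptive name. Naming it directly, `checks.nixpkgs-fmt = pkgs.runCommand "check-nixpkgs-fmt"`, keeps `nix flake check` output readable and leaves room for further checks. The same hunk renames `devShell` to `devShells.default` but leaves `defaultPackage` and `defaultApp` in the old form; `packages.default` and `apps.default` would be consistent with it.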
diff --git a/flake.lock b/flake.lock index df1de87..c207951 100644 --- a/flake.lock +++ b/flake.lock @@ -48,6 +48,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1667395993, @@ -64,6 +80,21 @@ } }, "flake-utils_2": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { "locked": { "lastModified": 1634851050, "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", @@ -78,6 +109,27 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "nix-filter": { "locked": { "lastModified": 1666547822, 
@@ -108,12 +160,53 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1671271954, + "narHash": "sha256-cSvu+bnvN08sOlTBWbBrKaBHQZq8mvk8bgpt0ZJ2Snc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d513b448cc2a6da2c8803e3c197c9fc7e67b19e3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_2", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1672050129, + "narHash": "sha256-GBQMcvJUSwAVOpDjVKzB6D5mmHI7Y4nFw+04bnS9QrM=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "67d98f02443b9928bc77f1267741dcfdd3d7b65c", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "flake-compat": "flake-compat", "flake-utils": "flake-utils", "nix-filter": "nix-filter", "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks", "terranix": "terranix" } }, @@ -121,7 +214,7 @@ "inputs": { "bats-assert": "bats-assert", "bats-support": "bats-support", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ], diff --git a/flake.nix b/flake.nix index 3dae420..db0edbb 100644 --- a/flake.nix +++ b/flake.nix 
@@ -9,12 +9,18 @@ }; # Other sources / nix utilities + + # pre-commit-hooks + pre-commit-hooks = { + url = "github:cachix/pre-commit-hooks.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; flake-compat = { url = "github:edolstra/flake-compat"; flake = false; }; flake-utils.url = "github:numtide/flake-utils"; nix-filter.url = "github:numtide/nix-filter"; }; - outputs = { self, nixpkgs, flake-utils, terranix, flake-compat, nix-filter }: + outputs = { self, nixpkgs, flake-utils, terranix, flake-compat, nix-filter, pre-commit-hooks }: flake-utils.lib.eachDefaultSystem (system: let @@ -39,6 +45,7 @@ # nix develop devShells.default = pkgs.mkShell { + inherit (self.checks.${system}.pre-commit-check) shellHook; buildInputs = with pkgs;[ terraform terranix.defaultPackage.${system} @@ -74,14 +81,15 @@ }; # nix flake check - checks.${system} = - pkgs.runCommand "check-nixpkgs-fmt" - { nativeBuildInputs = [ pkgs.nixpkgs-fmt ]; } - '' - echo "checking nix formatting" - nixpkgs-fmt --check ${sources.nix} - touch $out - ''; + checks = { + pre-commit-check = pre-commit-hooks.lib.${system}.run { + src = ./.; + hooks = { + nixpkgs-fmt.enable = true; + terraform-format = true; + }; + }; + }; # nix run From 4ddad67fa56fc2a603df815b60136f93b09f127f Mon Sep 17 00:00:00 2001 From: r17x Date: Wed, 28 Dec 2022 10:14:46 +0700 Subject: [PATCH 05/18] chore: commit config.tf.json --- .gitignore | 1 - config.tf.json | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 config.tf.json diff --git a/.gitignore b/.gitignore index 9900e29..412e7cd 100644 --- a/.gitignore +++ b/.gitignore @@ -11,7 +11,6 @@ terraform.tfstate.* # End of https://www.toptal.com/developers/gitignore/api/direnv result -config.tf.json # ignored generated precommit config by nix-precommit /.pre-commit-config.yaml diff --git a/config.tf.json b/config.tf.json new file mode 100644 index 0000000..0967ef4 --- /dev/null +++ b/config.tf.json @@ -0,0 +1 @@ +{} 
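Review bot: Replacing the `runCommand` format check with `pre-commit-hooks` leaves `sources.nix` and the `nix-filter` input without a consumer, as far as these hunks show, since the removed `nixpkgs-fmt --check ${sources.nix}` line was their only visible use. An unused input is still a third-party source pinned in flake.lock, so it is worth removing `nix-filter.url`, the `nix-filter` function argument and the `sources.nix` binding in the same change. In the `hooks` set, `terraform-format = true;` assigns a boolean where the neighbouring `nixpkgs-fmt.enable = true;` sets an option; it should read `terraform-format.enable = true;`. The inherited `shellHook` also means that entering the dev shell writes `.pre-commit-config.yaml` and installs the git hook, which deserves a one-line comment above the `inherit`.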
From c35b45969a6c43f379bc2c31a47d097c7957cdda Mon Sep 17 00:00:00 2001 From: r17x Date: Wed, 28 Dec 2022 10:32:46 +0700 Subject: [PATCH 06/18] chore: fix terraform pre-commit attributes --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index db0edbb..5e8b44d 100644 --- a/flake.nix +++ b/flake.nix @@ -86,7 +86,7 @@ src = ./.; hooks = { nixpkgs-fmt.enable = true; - terraform-format = true; + terraform-format. enable = true; }; }; }; From bcf7ac8e37804c8c999fde50848910dae4850861 Mon Sep 17 00:00:00 2001 From: r17x Date: Wed, 28 Dec 2022 10:41:44 +0700 Subject: [PATCH 07/18] chore: add validate terraform config --- flake.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 5e8b44d..73e610e 100644 --- a/flake.nix +++ b/flake.nix @@ -86,7 +86,15 @@ src = ./.; hooks = { nixpkgs-fmt.enable = true; - terraform-format. enable = true; + terraform-format.enable = true; + validate-terraform = { + name = "Validate terraform configuration"; + enable = true; + entry = "terraform validate"; + files = "\\.tf.json$"; + language = "system"; + pass_filenames = false; + }; }; }; }; From 0fa3aad864f3ffbae4bd12b3b9c7ba830ecc6e80 Mon Sep 17 00:00:00 2001 From: rizaldy Date: Wed, 28 Dec 2022 12:09:15 +0700 Subject: [PATCH 08/18] refactor: nixify do_vpc --- do_vpc.nix | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 do_vpc.nix diff --git a/do_vpc.nix b/do_vpc.nix new file mode 100644 index 0000000..b639171 --- /dev/null +++ b/do_vpc.nix @@ -0,0 +1,7 @@ +{ + resource.digitalocean_vpc.default_sgp = { + name = "default-sgp1"; + ip_range = "10.104.0.0/20"; + region = "sgp1"; + }; +} From f70a7d5d78a41eaf8836ce46f648ebe1cc2df68f Mon Sep 17 00:00:00 2001 From: rizaldy Date: Wed, 28 Dec 2022 12:09:46 +0700 Subject: [PATCH 09/18] chore: update atlantis --- atlantis.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/atlantis.yaml b/atlantis.yaml index c05a613..8ee71eb 100644 
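Review bot: The `validate-terraform` hook runs `entry = "terraform validate"` with `language = "system"`, so it uses whichever `terraform` is first on PATH instead of the version this flake pins. Interpolating the binding already defined in the `let` block, `entry = "${terraform}/bin/terraform validate";`, keeps the hook reproducible outside the dev shell. The pattern `files = "\\.tf.json$"` leaves the second dot unescaped, so it matches any character there; `files = "\\.tf\\.json$"` is the literal form. `terraform validate` also expects an initialised working directory, so the hook will presumably fail on a fresh clone until `terraform init` has run, which is worth a comment next to `pass_filenames`. The enclosing `checks` block starts and ends outside this hunk.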
--- a/atlantis.yaml +++ b/atlantis.yaml @@ -8,6 +8,7 @@ workflows: default: plan: steps: + - run: nix build -o config.tf.json - init - plan: extra_args: ["-var-file", "/etc/atlantis/area13.tfvars"] From dc1b416845a26fcb4cefc0db19b3854688d25af5 Mon Sep 17 00:00:00 2001 From: rizaldy Date: Wed, 28 Dec 2022 12:25:41 +0700 Subject: [PATCH 10/18] chore: for debugging delete later --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index 8ee71eb..9c2d334 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -8,7 +8,7 @@ workflows: default: plan: steps: - - run: nix build -o config.tf.json + - run: echo $PATH; id; nix build -o config.tf.json - init - plan: extra_args: ["-var-file", "/etc/atlantis/area13.tfvars"] From dfdc8833adf46ed91b9956efaa28402e5f23b7c4 Mon Sep 17 00:00:00 2001 From: rizaldy Date: Wed, 28 Dec 2022 12:29:28 +0700 Subject: [PATCH 11/18] chore: lfgggg --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index 9c2d334..412226a 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -8,7 +8,7 @@ workflows: default: plan: steps: - - run: echo $PATH; id; nix build -o config.tf.json + - run: export PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:$PATH; echo $PATH; nix build -o config.tf.json - init - plan: extra_args: ["-var-file", "/etc/atlantis/area13.tfvars"] From 502a7297d4031fca9f636333c131d10f10f609bc Mon Sep 17 00:00:00 2001 From: rizaldy Date: Wed, 28 Dec 2022 12:33:25 +0700 Subject: [PATCH 12/18] fix: why not --- atlantis.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/atlantis.yaml b/atlantis.yaml index 412226a..f63bee2 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -8,6 +8,7 @@ workflows: default: plan: steps: + - run: rm ./config.tf.json || true - run: export PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:$PATH; echo $PATH; nix build -o config.tf.json - init - plan: 
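Review bot: The added `- run: nix build -o config.tf.json` step makes every Atlantis plan evaluate and build the flake from the branch under review, so if plans run on unapproved pull requests, Nix code from the branch executes on the host that holds `/etc/atlantis/area13.tfvars`. Because this workflow lives in the repository's own atlantis.yaml, a pull request can also edit the command itself. Defining the workflow in the server-side repo configuration and limiting who can trigger a plan would narrow that exposure. The later atlantis.yaml hunks in PATCH 10, 11, 12 and 15 extend the same step and carry the same concern.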
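Review bot: Prepending `/root/.nix-profile/bin` to PATH in the PATCH 11 hunk implies the plan step runs as root, which would give the flake build and everything terraform executes full control of the Atlantis host. If that reading is right, running Atlantis under a dedicated unprivileged user with its own Nix profile would contain a bad plan. The leftover `echo $PATH` from the debugging commit prints host layout into the plan output and can go. Setting PATH once in the service environment would remove the need for the `export` in the step.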
From 8449ae6311786e899b6d4ca4c44dd82cfd514ac8 Mon Sep 17 00:00:00 2001 From: rizaldy Date: Wed, 28 Dec 2022 12:36:49 +0700 Subject: [PATCH 13/18] feat: just testing --- do_vpc.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/do_vpc.nix b/do_vpc.nix index b639171..485164a 100644 --- a/do_vpc.nix +++ b/do_vpc.nix @@ -4,4 +4,9 @@ ip_range = "10.104.0.0/20"; region = "sgp1"; }; + resource.digitalocean_vpc.dummy_sgp = { + name = "dummy-sgp"; + ip_range = "10.105.69.0/20"; + region = "sgp1"; + }; } From 8240f552d8608686f8f04254e24f5cf633639dba Mon Sep 17 00:00:00 2001 From: rizaldy Date: Wed, 28 Dec 2022 12:51:29 +0700 Subject: [PATCH 14/18] feat: yes --- flake.nix | 66 ++++++++++++++++++++++++++++++++----------------------- 1 file changed, 39 insertions(+), 27 deletions(-) diff --git a/flake.nix b/flake.nix index 73e610e..93a42e6 100644 --- a/flake.nix +++ b/flake.nix 
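Review bot: `ip_range = "10.105.69.0/20"` is not a network address: the /20 block containing it starts at 10.105.64.0, so the value has host bits set and the provider may reject it or normalise it to a range that is not what the file says. Writing `ip_range = "10.105.64.0/20";`, or `"10.105.69.0/24"` if a smaller block was meant, keeps the declared range and the created one identical. A resource named `dummy_sgp` added under a "just testing" commit becomes real infrastructure once this module is applied, so a comment saying whether it is meant to stay would help the next reader.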
@@ -69,39 +69,51 @@ ''); }; - # nix run ".#destroy" - apps.destroy = { + # nix run ".#build" + apps.build = { type = "app"; - program = toString (pkgs.writers.writeBash "destroy" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${terraform}/bin/terraform init \ - && ${terraform}/bin/terraform destroy + program = toString (pkgs.writers.writeBash "apply" '' + if [[ -e config.tf.json ]]; then rm config.tf.json; fi + cp ${terraformConfiguration} config.tf.json ''); }; - # nix flake check - checks = { - pre-commit-check = pre-commit-hooks.lib.${system}.run { - src = ./.; - hooks = { - nixpkgs-fmt.enable = true; - terraform-format.enable = true; - validate-terraform = { - name = "Validate terraform configuration"; - enable = true; - entry = "terraform validate"; - files = "\\.tf.json$"; - language = "system"; - pass_filenames = false; + # nix run ".#apply" + apps.apply = { + + # nix run ".#destroy" + apps.destroy = { + type = "app"; + program = toString (pkgs.writers.writeBash "destroy" '' + if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${terraform}/bin/terraform init \ + && ${terraform}/bin/terraform destroy + ''); + }; + + # nix flake check + checks = { + pre-commit-check = pre-commit-hooks.lib.${system}.run { + src = ./.; + hooks = { + nixpkgs-fmt.enable = true; + terraform-format.enable = true; + validate-terraform = { + name = "Validate terraform configuration"; + enable = true; + entry = "terraform validate"; + files = "\\.tf.json$"; + language = "system"; + pass_filenames = false; + }; }; }; }; - }; - # nix run - # every run will be generated config.tf.json - defaultApp = self.apps.${system}.apply; - }); -} + # nix run + # every run will be generated config.tf.json + defaultApp = self.apps.${system}.apply; + }); + } From eeeb3b555a1262334714ad96267fd746e9515876 Mon Sep 17 00:00:00 2001 
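Review bot: The new `apps.build` script is still created with `pkgs.writers.writeBash "apply"`, so the store path and process name say "apply" for a step that only copies the generated file; `pkgs.writers.writeBash "build"` matches what it does. Below it, the added `apps.apply = {` line reopens an attribute that appears to be defined already above the hunk and never gets a body of its own, so `apps.destroy`, `checks` and `defaultApp` end up nested inside it and the file most likely no longer evaluates. Deleting that line and its comment and restoring the previous indentation would keep the outputs at the top level. The enclosing attribute set starts outside the hunk.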
From: rizaldy Date: Wed, 28 Dec 2022 12:51:46 +0700 Subject: [PATCH 15/18] feat: change something --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index f63bee2..7a627cd 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -9,7 +9,7 @@ workflows: plan: steps: - run: rm ./config.tf.json || true - - run: export PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:$PATH; echo $PATH; nix build -o config.tf.json + - run: export PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:$PATH; nix build; nix run .#build - init - plan: extra_args: ["-var-file", "/etc/atlantis/area13.tfvars"] From 6917421503a55c3e15c5cd52d9e73bdcee54ae94 Mon Sep 17 00:00:00 2001 From: rizaldy Date: Wed, 28 Dec 2022 12:56:12 +0700 Subject: [PATCH 16/18] fix: my bad --- flake.nix | 63 ++++++++++++++++++++++++++----------------------------- 1 file changed, 30 insertions(+), 33 deletions(-) diff --git a/flake.nix b/flake.nix index 93a42e6..b965895 100644 --- a/flake.nix +++ b/flake.nix 
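Review bot: In `nix build; nix run .#build` the two commands are joined with `;`, so a failed `nix build` is ignored and only the exit status of `nix run` decides whether the plan continues. `nix run .#build` already builds the configuration it copies, so the first command can be dropped, or the chain written as `nix build && nix run .#build` to stop on the first error. Quoting the attribute as `".#build"` would also match the usage comments in flake.nix.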
@@ -78,42 +78,39 @@ ''); }; - # nix run ".#apply" - apps.apply = { - - # nix run ".#destroy" - apps.destroy = { - type = "app"; - program = toString (pkgs.writers.writeBash "destroy" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${terraform}/bin/terraform init \ - && ${terraform}/bin/terraform destroy - ''); - }; + # nix run ".#destroy" + apps.destroy = { + type = "app"; + program = toString (pkgs.writers.writeBash "destroy" '' + if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${terraform}/bin/terraform init \ + && ${terraform}/bin/terraform destroy + ''); + }; - # nix flake check - checks = { - pre-commit-check = pre-commit-hooks.lib.${system}.run { - src = ./.; - hooks = { - nixpkgs-fmt.enable = true; - terraform-format.enable = true; - validate-terraform = { - name = "Validate terraform configuration"; - enable = true; - entry = "terraform validate"; - files = "\\.tf.json$"; - language = "system"; - pass_filenames = false; - }; + # nix flake check + checks = { + pre-commit-check = pre-commit-hooks.lib.${system}.run { + src = ./.; + hooks = { + nixpkgs-fmt.enable = true; + terraform-format.enable = true; + validate-terraform = { + name = "Validate terraform configuration"; + enable = true; + entry = "terraform validate"; + files = "\\.tf.json$"; + language = "system"; + pass_filenames = false; }; }; }; + }; - # nix run - # every run will be generated config.tf.json - defaultApp = self.apps.${system}.apply; - }); - } + # nix run + # every run will be generated config.tf.json + defaultApp = self.apps.${system}.apply; + }); +} From 60b183b9b44309f200bd8935dd126340ee444b1f Mon Sep 17 00:00:00 2001 From: rizaldy Date: Wed, 28 Dec 2022 13:03:40 +0700 Subject: [PATCH 17/18] feat: create dummy vpc --- flake.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index b965895..f1b40a8 100644 
--- a/flake.nix +++ b/flake.nix @@ -29,8 +29,7 @@ terraformConfiguration = terranix.lib.terranixConfiguration { inherit system; modules = [ - # TODO rewrite *.tf to .nix - # see https://terranix.org/documentation/terranix-vs-hcl/ + ./do_vpc.nix ]; }; sources.nix = nix-filter.lib { From d159a648df318094d70b2bb53c2bd7b984a182de Mon Sep 17 00:00:00 2001 From: rizaldy Date: Wed, 28 Dec 2022 13:04:43 +0700 Subject: [PATCH 18/18] fix: duplicates --- do_vpc.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/do_vpc.nix b/do_vpc.nix index 485164a..520aadf 100644 --- a/do_vpc.nix +++ b/do_vpc.nix @@ -1,9 +1,4 @@ { - resource.digitalocean_vpc.default_sgp = { - name = "default-sgp1"; - ip_range = "10.104.0.0/20"; - region = "sgp1"; - }; resource.digitalocean_vpc.dummy_sgp = { name = "dummy-sgp"; ip_range = "10.105.69.0/20";