ref(hydrate): #0 use hydrate-* nomenclature in prep for on-prem req
- this is a better naming convention for becoming cloud agnostic
blaggacao committed Dec 15, 2021
1 parent bb6baf2 commit baa2e4b
Showing 9 changed files with 48 additions and 15 deletions.
@@ -2,7 +2,7 @@
{ terralib, ... }:
let inherit (terralib) var;
in {
tf.hydrate.configuration = {
tf.hydrate-cluster.configuration = {

data.sops_file.docker-developer-password.source_file =
"./encrypted/docker-passwords.json";
@@ -6,7 +6,7 @@
let

inherit (terralib) var id;
tfcfg = config.tf.hydrate.configuration;
tfcfg = config.tf.hydrate-cluster.cluster.configuration;

__fromTOML = builtins.fromTOML;

@@ -15,7 +15,7 @@ let
consulPolicies = tfcfg.locals.policies.consul;

in {
tf.hydrate.configuration = {
tf.hydrate-cluster.cluster.configuration = {

# this is an auxiliary datastructure that can be modified/extended via terranix's magic merge
locals.policies = __fromTOML (__readFile ./policies.toml);
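Review bot: Both changed lines in this file use `tf.hydrate-cluster.cluster.configuration`, with an extra `.cluster` segment that no other file in this commit has; the rest, including modules/terraform/hydrate.nix, use `tf.hydrate-cluster.configuration`. As written, `tfcfg` reads from, and the module writes to, a different attribute path than the one the backend and provider preconfiguration is attached to. Depending on how the `tf` option is typed (not visible here), evaluation either fails or the Vault/Consul policies built from policies.toml never reach the hydrate-cluster workspace and are silently not applied. The lines should most likely read `tfcfg = config.tf.hydrate-cluster.configuration;` and `tf.hydrate-cluster.configuration = {`.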
File renamed without changes.
@@ -8,7 +8,7 @@ let

inherit (terralib) var;
in {
tf.hydrate.configuration = {
tf.hydrate-cluster.configuration = {

resource.vault_mount.sops = {
path = "sops";
@@ -1,8 +1,8 @@
# hydrate aws groups & policies
# hydrate-cluster.aws groups & policies
{ terralib, ... }:
let inherit (terralib) var;
in {
tf.hydrate.configuration = {
tf.hydrate-cluster.configuration = {

resource.aws_iam_group = {
developers = {
@@ -7,7 +7,7 @@ let
adminGithubTeamNames developerGithubTeamNames developerGithubNames;

in {
tf.hydrate.configuration = {
tf.hydrate-cluster.configuration = {

resource.vault_github_auth_backend.employee = {
organization = "input-output-hk";
@@ -12,7 +12,7 @@ let
__fromTOML = builtins.fromTOML;

in {
tf.hydrate.configuration = {
tf.hydrate-cluster.configuration = {

resource.vault_mount.${runtimeSecretsPath} = {
path = "${runtimeSecretsPath}";
@@ -9,7 +9,7 @@ let
inherit (config.cluster) domain;

in {
tf.hydrate.configuration = {
tf.hydrate-cluster.configuration = {

data.sops_file.ca = { source_file = "./encrypted/ca.json"; };
# TODO: commented parts are currently accomplished by a systemd one-shot
45 changes: 39 additions & 6 deletions modules/terraform/hydrate.nix
@@ -13,8 +13,19 @@ let

in {

# preconfigure secrets-hydrate
tf.secrets-hydrate.configuration = {
# preconfigure hydrate-secrets
tf.secrets-hydrate.configuration = lib.warn ''
secrets-hydrate had been renamed to hydrate-secrets
please rename your infra cluster tf vault backend accordingly
and switch!
VAULT_ADDR=https://vault.infra.aws.iohkdev.io
VAULT_TOKEN=$TF_HTTP_PASSWORD
vault kv put secret/vbk/$BITTE_CLUSTER/hydrate-secrets @<(vault kv get -format=json secret/vbk/$BITTE_CLUSTER/secrets-hydrate | jq .data.data)
'' config.tf.hydrate-secrets.configuration;
tf.hydrate-secrets.configuration = {
terraform.backend.http = {
address = "${vbkStub}/secrets-hydrate";
lock_address = "${vbkStub}/secrets-hydrate";
@@ -24,8 +35,19 @@ in {
provider.vault = { };
};

# preconfigure app-hydrate
tf.app-hydrate.configuration = {
# preconfigure hydrate-app
tf.app-hydrate.configuration = lib.warn ''
app-hydrate had been renamed to hydrate-app
please rename your infra cluster tf vault backend accordingly
and switch!
VAULT_ADDR=https://vault.infra.aws.iohkdev.io
VAULT_TOKEN=$TF_HTTP_PASSWORD
vault kv put secret/vbk/$BITTE_CLUSTER/hydrate-app @<(vault kv get -format=json secret/vbk/$BITTE_CLUSTER/app-hydrate | jq .data.data)
'' config.tf.hydrate-app.configuration;
tf.hydrate-app.configuration = {
terraform.backend.http = {
address = "${vbkStub}/app-hydrate";
lock_address = "${vbkStub}/app-hydrate";
@@ -35,8 +57,19 @@ in {
provider.vault = { };
};

# preconfigure (cluster-)hydrate
tf.hydrate.configuration = {
# preconfigure hydrate-cluster
tf.hydrate.configuration = lib.warn ''
hydrate had been renamed to hydrate-cluster
please rename your infra cluster tf vault backend accordingly
and switch!
VAULT_ADDR=https://vault.infra.aws.iohkdev.io
VAULT_TOKEN=$TF_HTTP_PASSWORD
vault kv put secret/vbk/$BITTE_CLUSTER/hydrate-cluster @<(vault kv get -format=json secret/vbk/$BITTE_CLUSTER/hydrate | jq .data.data)
'' config.tf.hydrate-cluster.configuration;
tf.hydrate-cluster.configuration = {
terraform.backend.http = {
address = "${vbkStub}/hydrate";
lock_address = "${vbkStub}/hydrate";
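Review bot: The renamed `tf.hydrate-secrets.configuration` still sets `address` and `lock_address` to `"${vbkStub}/secrets-hydrate"`, while the new warning tells operators to copy the state to `.../hydrate-secrets`; the same mismatch appears in the `hydrate-app` (`/app-hydrate`) and `hydrate-cluster` (`/hydrate`) hunks. If `vbkStub` (defined outside the visible lines) resolves to the `secret/vbk/$BITTE_CLUSTER` path, Terraform keeps reading and locking the old key after the migration, and the copied state is never used. Either point the backends at the new names, e.g. `address = "${vbkStub}/hydrate-secrets";`, or hold the warning back until they are. The migration text also leaves the old state at its old path, and state for these workspaces likely contains secret material, so it should add a step to remove the old entry once the new backend is verified.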