

introduce gcp-instance-1
Signed-off-by: iosmanthus <myosmanthustree@gmail.com>
iosmanthus committed Apr 2, 2024
1 parent cde9553 commit af724bb
Showing 28 changed files with 426 additions and 223 deletions.
23 changes: 23 additions & 0 deletions flake.nix
Expand Up @@ -245,6 +245,29 @@
}
];
};

gcp-instance-1 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit self;
};
modules = [
./secrets/gcp-instance-1
./nixos/gcp-instance-1

sops-nix.nixosModules.sops

self.nixosModules.cloud.gce
self.nixosModules.cloud.sing-box
self.nixosModules.o11y

{
nixpkgs.overlays = [
self.overlays.default
];
}
];
};
};
} // flake-utils.lib.eachSystem
[ "x86_64-linux" ]
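--- a/infra/aws-lightsail/outputs.tf
+++ b/infra/aws-lightsail/outputs.tf
@@ -1,9 +1,9 @@
-output "external_address_v4" {
+output "aws_lightsail_0_external_address_v4" {
 value = aws_lightsail_static_ip.main.ip_address
 sensitive = true
 }
 
-output "external_address_v6" {
+output "aws_lightsail_0_external_address_v6" {
 value = aws_lightsail_instance.main.ipv6_addresses[0]
 sensitive = true
 }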
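--- a/infra/cloudflare/main.tf
+++ b/infra/cloudflare/main.tf
@@ -12,7 +12,7 @@ data "terraform_remote_state" "aws_lightsail" {
 
 resource "cloudflare_record" "aws_lightsail" {
 for_each = local.records
-value = data.terraform_remote_state.aws_lightsail.outputs.external_address_v4
+value = data.terraform_remote_state.aws_lightsail.outputs.aws_lightsail_0_external_address_v4
 zone_id = each.value
 name = each.key
 type = "A"
@@ -21,7 +21,7 @@ resource "cloudflare_record" "aws_lightsail" {
 
 resource "cloudflare_record" "aws_lightsail_v6" {
 for_each = local.records
-value = data.terraform_remote_state.aws_lightsail.outputs.external_address_v6
+value = data.terraform_remote_state.aws_lightsail.outputs.aws_lightsail_0_external_address_v6
 zone_id = each.value
 name = each.key
 type = "AAAA"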
27 changes: 14 additions & 13 deletions infra/gcp/.terraform.lock.hcl


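--- a/infra/gcp/gce/main.tf
+++ b/infra/gcp/gce/main.tf
@@ -0,0 +1,104 @@
+resource "random_id" "revision" {
+keepers = {
+creation_timestamp = "20240320173139"
+}
+byte_length = 4
+}
+
+data "google_service_account" "default" {
+account_id = var.google_service_account_id
+}
+
+resource "random_id" "ip_revision" {
+keepers = {
+ip_revision = var.ip_revision
+}
+byte_length = 4
+}
+
+resource "google_compute_address" "main_external_ip_v4" {
+name = "external-ip-v4-${random_id.revision.hex}-${random_id.ip_revision.hex}"
+
+region = var.google_region
+}
+
+resource "google_compute_subnetwork" "dual_stack" {
+region = var.google_region
+name = "dual-stack-${random_id.revision.hex}"
+ip_cidr_range = "10.0.0.0/22"
+stack_type = "IPV4_IPV6"
+ipv6_access_type = "EXTERNAL"
+
+network = google_compute_network.main.id
+}
+
+resource "google_compute_network" "main" {
+name = "main-${random_id.revision.hex}"
+auto_create_subnetworks = false
+}
+
+resource "google_compute_firewall" "main" {
+name = "main-${random_id.revision.hex}"
+network = google_compute_network.main.name
+
+allow {
+protocol = "icmp"
+}
+
+allow {
+protocol = "tcp"
+ports = ["22", "443", "6626", "10080"]
+}
+
+source_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_firewall" "main_v6" {
+name = "main-v6-${random_id.revision.hex}"
+network = google_compute_network.main.name
+
+allow {
+protocol = "58"
+}
+
+allow {
+protocol = "tcp"
+ports = ["22", "443", "6626", "10080"]
+}
+
+source_ranges = ["::/0"]
+}
+
+resource "google_compute_instance" "main" {
+name = "instance-${random_id.revision.hex}"
+machine_type = "e2-micro"
+
+enable_display = true
+allow_stopping_for_update = true
+
+boot_disk {
+initialize_params {
+image = var.vm_image
+type = "pd-balanced"
+size = 40
+}
+}
+
+
+network_interface {
+subnetwork = google_compute_subnetwork.dual_stack.self_link
+stack_type = "IPV4_IPV6"
+ipv6_access_config {
+network_tier = "PREMIUM"
+}
+access_config {
+nat_ip = google_compute_address.main_external_ip_v4.address
+}
+}
+
+service_account {
+# Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+email = data.google_service_account.default.email
+scopes = ["cloud-platform"]
+}
+}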
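Review bot: Both firewall rules in this file (`google_compute_firewall.main` and `main_v6`) admit TCP 22, 443, 6626 and 10080 from every address (`source_ranges = ["0.0.0.0/0"]` and `["::/0"]`), and since neither sets `target_tags` or `target_service_accounts` they apply to every instance that ever lands in the network. World-reachable SSH is the part worth narrowing now that this file is a module stamped out per region: take the administrative source ranges as a module variable (say `ssh_source_ranges`, with no permissive default) and keep a separate rule for the public service ports, or reach port 22 through IAP TCP forwarding instead of a public ingress rule. Scoping each rule with `target_tags` keeps a future second instance in the same network from inheriting the exposure by default. The two `allow { protocol = "tcp" ... }` blocks also repeat the same port list; a single `local` would keep v4 and v6 from drifting apart.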
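--- a/infra/gcp/gce/outputs.tf
+++ b/infra/gcp/gce/outputs.tf
@@ -0,0 +1,9 @@
+output "external_address_v4" {
+value = google_compute_address.main_external_ip_v4.address
+sensitive = true
+}
+
+output "external_address_v6" {
+value = google_compute_instance.main.network_interface[0].ipv6_access_config[0].external_ipv6
+sensitive = true
+}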
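--- a/infra/gcp/gce/provider.tf
+++ b/infra/gcp/gce/provider.tf
@@ -0,0 +1,7 @@
+provider "google" {
+project = var.google_project
+region = var.google_region
+zone = var.google_zone
+
+user_project_override = true
+}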
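Review bot: A `provider "google"` block inside the `./gce` child module makes it a legacy-style module: a module that owns its provider configuration cannot be called with `count` or `for_each`, and once a calling `module` block is removed from the root Terraform no longer has a provider configuration with which to destroy that module's resources. Since `infra/gcp/main.tf` already instantiates this module twice with different regions, the cleaner shape is to declare `configuration_aliases` for `google` in the module's `required_providers` (in `versions.tf`), define the per-region provider configurations with `alias` in the root, and hand one in from each `module` block via `providers = { google = google.<alias> }`; `project`, `region`, `zone` and `user_project_override = true` then live in the root configs and `var.google_project`/`var.google_zone` can go. If the intent is to keep the module self-contained, a comment here stating that trade-off would save the next reader the surprise when the first `module` block is deleted.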
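--- a/infra/gcp/gce/variables.tf
+++ b/infra/gcp/gce/variables.tf
@@ -0,0 +1,23 @@
+variable "google_project" {
+type = string
+}
+
+variable "google_region" {
+type = string
+}
+
+variable "google_zone" {
+type = string
+}
+
+variable "google_service_account_id" {
+type = string
+}
+
+variable "vm_image" {
+type = string
+}
+
+variable "ip_revision" {
+type = string
+}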
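Review bot: None of the six variables carries a `description`, and `ip_revision` in particular is opaque from the root module: in `main.tf` it is only a keeper of `random_id.ip_revision`, whose hex lands in the `google_compute_address` name, so changing the value renames and (name being immutable on that resource, as far as I recall) replaces the external IPv4 address. Suggest `description = "Change to force a new external IPv4 address; used only as a random_id keeper."` on `ip_revision`, and one-liners on `vm_image` (a compute image self link) and `google_service_account_id` (looked up via `data.google_service_account`, so it must already exist) so `terraform-docs` and callers get the contract without reading `main.tf`.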
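--- a/infra/gcp/gce/versions.tf
+++ b/infra/gcp/gce/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+required_providers {
+google = {
+source = "hashicorp/google"
+version = "5.22.0"
+}
+}
+}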
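Review bot: `required_providers` lists only `hashicorp/google`, yet `main.tf` in this module creates two `random_id` resources, so the `random` provider is presumably resolved through Terraform's implicit `hashicorp/random` fallback rather than a declared requirement. Add `random = { source = "hashicorp/random" }` next to `google` (with a version constraint if the root pins one) so the module states every provider it depends on.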
109 changes: 16 additions & 93 deletions infra/gcp/main.tf
@@ -1,10 +1,3 @@
resource "random_id" "revision" {
keepers = {
creation_timestamp = "20240320173139"
}
byte_length = 4
}

data "google_service_account" "default" {
account_id = var.google_service_account_id
}
Expand All @@ -26,96 +19,26 @@ resource "google_compute_image_iam_binding" "binding" {
]
}

resource "random_id" "ip_revision" {
keepers = {
creation_timestamp = "20240320174539"
}
byte_length = 4
}

resource "google_compute_address" "main_external_ip_v4" {
name = "external-ip-v4-${random_id.revision.hex}-${random_id.ip_revision.hex}"

region = var.google_region
}

resource "google_compute_subnetwork" "dual_stack" {
region = var.google_region
name = "dual-stack-${random_id.revision.hex}"
ip_cidr_range = "10.0.0.0/22"
stack_type = "IPV4_IPV6"
ipv6_access_type = "EXTERNAL"

network = google_compute_network.main.id
}

resource "google_compute_network" "main" {
name = "main-${random_id.revision.hex}"
auto_create_subnetworks = false
}

resource "google_compute_firewall" "main" {
name = "main-${random_id.revision.hex}"
network = google_compute_network.main.name

allow {
protocol = "icmp"
}

allow {
protocol = "tcp"
ports = ["22", "443", "6626", "10080"]
}

source_ranges = ["0.0.0.0/0"]
}

resource "google_compute_firewall" "main_v6" {
name = "main-v6-${random_id.revision.hex}"
network = google_compute_network.main.name
module "gcp_instance_0" {
source = "./gce"

allow {
protocol = "58"
}
google_project = var.google_project
google_service_account_id = var.google_service_account_id
vm_image = google_compute_image.nixos.self_link

allow {
protocol = "tcp"
ports = ["22", "443", "6626", "10080"]
}

source_ranges = ["::/0"]
google_region = "asia-east1"
google_zone = "asia-east1-b"
ip_revision = "20240401172200"
}

resource "google_compute_instance" "main" {
name = "instance-${random_id.revision.hex}"
machine_type = "e2-micro"

enable_display = true
allow_stopping_for_update = true

boot_disk {
initialize_params {
image = google_compute_image.nixos.self_link
type = "pd-balanced"
size = 40
}
}
module "gcp_instance_1" {
source = "./gce"

google_project = var.google_project
google_service_account_id = var.google_service_account_id
vm_image = google_compute_image.nixos.self_link

network_interface {
subnetwork = google_compute_subnetwork.dual_stack.self_link
stack_type = "IPV4_IPV6"
ipv6_access_config {
network_tier = "PREMIUM"
}
access_config {
nat_ip = google_compute_address.main_external_ip_v4.address
}
}

service_account {
# Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
email = data.google_service_account.default.email
scopes = ["cloud-platform"]
}
google_region = "us-west1"
google_zone = "us-west1-b"
ip_revision = "20240401173637"
}
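Review bot: The resources that `module "gcp_instance_0"` now creates move from root addresses such as `google_compute_instance.main` and `google_compute_network.main` to `module.gcp_instance_0.google_compute_instance.main` and so on, and nothing in the commit carries the state across, so the next plan should destroy the existing asia-east1 instance, network, subnetwork and firewall rules and recreate them (unless the state was migrated by hand, which this diff cannot show). One `moved` block per relocated resource in this file keeps the existing objects, e.g. `moved { from = google_compute_instance.main  to = module.gcp_instance_0.google_compute_instance.main }`; the same applies to the `random_id.revision` removal in the first hunk of this file. The `random_id.ip_revision` keeper changes from `creation_timestamp` to the new `ip_revision` value anyway, so a fresh external IPv4 address and the DNS update that follows look intended; the `moved` blocks would still spare the instance and its boot disk.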
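--- a/infra/gcp/outputs.tf
+++ b/infra/gcp/outputs.tf
@@ -1,9 +1,19 @@
-output "external_address_v4" {
-value = google_compute_address.main_external_ip_v4.address
+output "gcp_instance_0_external_address_v4" {
+value = module.gcp_instance_0.external_address_v4
 sensitive = true
 }
 
-output "external_address_v6" {
-value = google_compute_instance.main.network_interface[0].ipv6_access_config[0].external_ipv6
+output "gcp_instance_0_external_address_v6" {
+value = module.gcp_instance_0.external_address_v6
 sensitive = true
 }
+
+output "gcp_instance_1_external_address_v4" {
+value = module.gcp_instance_1.external_address_v4
+sensitive = true
+}
+
+output "gcp_instance_1_external_address_v6" {
+value = module.gcp_instance_1.external_address_v6
+sensitive = true
+}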
