
Commit 55f9f76

committed
chore(infra): refactor
1 parent 1f635ad commit 55f9f76

29 files changed

+1380
-190
lines changed

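--- a/.github/workflows/budcustomer-pr-review.yml
+++ b/.github/workflows/budcustomer-pr-review.yml
@@ -56,7 +56,7 @@ jobs:
 id: pnpm-cache
 shell: bash
 run: |
-echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
+echo "STORE_PATH=$(pnpm store path)" >> "$GITHUB_OUTPUT"
 
 - name: Cache pnpm store
 uses: actions/cache@v4
@@ -127,7 +127,7 @@ jobs:
 id: pnpm-cache
 shell: bash
 run: |
-echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
+echo "STORE_PATH=$(pnpm store path)" >> "$GITHUB_OUTPUT"
 
 - name: Cache pnpm store
 uses: actions/cache@v4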

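--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,40 +1,44 @@
 keys:
 # people
-- &sinan age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
-- &ditto age18xn7rqxu27kschgqs7u5x7af9evnpcp4sru34th6zhhwlwnwycpsajeeh9
-- &adarsh age1h32pss4dc5qjzl8rqutmt647mfsy5t2szawkp8y473lnjwpm7uqs9q042c
+- &admin_sinan age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
+- &admin_ditto age18xn7rqxu27kschgqs7u5x7af9evnpcp4sru34th6zhhwlwnwycpsajeeh9
+- &admin_adarsh age1h32pss4dc5qjzl8rqutmt647mfsy5t2szawkp8y473lnjwpm7uqs9q042c
 # machines
-- &runner age1ueq3k22vcfet3y0uqu7wu385wd0pwx5nslqp2z30v4e3zf9stpesx7wjxr
-- &budk8s age138ut93gvvwkaudl3wxtwn8z9e50ptuhe2yukg6vhwcgncxpplpsqtmhp7t
+- &server_github_runner age1ueq3k22vcfet3y0uqu7wu385wd0pwx5nslqp2z30v4e3zf9stpesx7wjxr
+- &server_budk8s_primary age138ut93gvvwkaudl3wxtwn8z9e50ptuhe2yukg6vhwcgncxpplpsqtmhp7t
+- &server_budk8s_ingress age1v9papxpyyccg3esyzjsd7h0nwje0vry9ns29mh4njmlgylmyedzqr6a9gd
 
 creation_rules:
-- path_regex: nix/nixos/master/.*
-age: >-
-age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
-age18xn7rqxu27kschgqs7u5x7af9evnpcp4sru34th6zhhwlwnwycpsajeeh9,
-age138ut93gvvwkaudl3wxtwn8z9e50ptuhe2yukg6vhwcgncxpplpsqtmhp7t,
-age1h32pss4dc5qjzl8rqutmt647mfsy5t2szawkp8y473lnjwpm7uqs9q042c
-- path_regex: infra/helm/.*
-age: >-
-age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
-age18xn7rqxu27kschgqs7u5x7af9evnpcp4sru34th6zhhwlwnwycpsajeeh9,
-age138ut93gvvwkaudl3wxtwn8z9e50ptuhe2yukg6vhwcgncxpplpsqtmhp7t,
-age1h32pss4dc5qjzl8rqutmt647mfsy5t2szawkp8y473lnjwpm7uqs9q042c
-- path_regex: infra/terraform/.*
-age: >-
-age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
-age18xn7rqxu27kschgqs7u5x7af9evnpcp4sru34th6zhhwlwnwycpsajeeh9,
-age138ut93gvvwkaudl3wxtwn8z9e50ptuhe2yukg6vhwcgncxpplpsqtmhp7t,
-age1h32pss4dc5qjzl8rqutmt647mfsy5t2szawkp8y473lnjwpm7uqs9q042c
+# server_budk8s_primary
+- path_regex: (infra/nixos/primary|infra/nixos/budk8s|infra/helm|infra/terraform)/.*
+key_groups:
+- age:
+- *admin_sinan
+- *admin_ditto
+- *admin_adarsh
+- *server_budk8s_primary
 
+# server_budk8s_ingress
+- path_regex: (infra/nixos/ingress|infra/nixos/budk8s)/.*
+key_groups:
+- age:
+- *admin_sinan
+- *admin_ditto
+- *admin_adarsh
+- *server_budk8s_ingress
+
+# server_github_runner
 - path_regex: nix/workflows/dockerhub_budcustomer/secrets.yaml
-age: >-
-age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
-age18xn7rqxu27kschgqs7u5x7af9evnpcp4sru34th6zhhwlwnwycpsajeeh9,
-age1ueq3k22vcfet3y0uqu7wu385wd0pwx5nslqp2z30v4e3zf9stpesx7wjxr,
-age1h32pss4dc5qjzl8rqutmt647mfsy5t2szawkp8y473lnjwpm7uqs9q042c
+key_groups:
+- age:
+- *admin_sinan
+- *admin_ditto
+- *admin_adarsh
+- *server_github_runner
 
-- age: >-
-age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
-age18xn7rqxu27kschgqs7u5x7af9evnpcp4sru34th6zhhwlwnwycpsajeeh9,
-age1h32pss4dc5qjzl8rqutmt647mfsy5t2szawkp8y473lnjwpm7uqs9q042c
+# default
+- key_groups:
+- age:
+- *admin_sinan
+- *admin_ditto
+- *admin_adarsh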
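Review bot: The `infra/nixos/budk8s` alternative in the `# server_budk8s_ingress` rule can never apply, because sops takes the first creation rule whose `path_regex` matches and the `# server_budk8s_primary` rule above it already matches that directory. Files created under `infra/nixos/budk8s/` are therefore encrypted for the three admins and `server_budk8s_primary` only; the k3s `secrets.yaml` added later in this commit lists exactly those four recipients and no `server_budk8s_ingress` entry, so a host holding only the ingress key could not decrypt it. If both hosts are meant to read the shared budk8s secrets, give that directory its own rule with both server keys ahead of the per-host rules and run `sops updatekeys` on the existing files. If only primary should hold the k3s server token, drop the alternative from the ingress rule so the file does not suggest access that is not actually granted.

```yaml
creation_rules:
  # shared budk8s secrets: readable by both hosts, must precede the per-host rules
  - path_regex: infra/nixos/budk8s/.*
    key_groups:
      - age:
          - *admin_sinan
          - *admin_ditto
          - *admin_adarsh
          - *server_budk8s_primary
          - *server_budk8s_ingress
  # server_budk8s_primary
  - path_regex: (infra/nixos/primary|infra/helm|infra/terraform)/.*
  # … unchanged: key_groups for admins + server_budk8s_primary …
  # server_budk8s_ingress
  - path_regex: infra/nixos/ingress/.*
  # … unchanged: key_groups for admins + server_budk8s_ingress, runner rule, default rule …
```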

flake.lock

Lines changed: 3 additions & 3 deletions

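--- a/flake.nix
+++ b/flake.nix
@@ -58,7 +58,7 @@
 scid.nixosModules.scid
 nixos-facter-modules.nixosModules.facter
 
-./nix/nixos/${host}/configuration.nix
+./infra/nixos/${host}/configuration.nix
 ];
 };
 in
@@ -160,7 +160,8 @@
 );
 
 nixosConfigurations = lib.genAttrs [
-"master"
+"primary"
+"ingress"
 ] (host: makeNixos host "x86_64-linux");
 };
 }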

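--- a/infra/nixos/azure/configuration.nix
+++ b/infra/nixos/azure/configuration.nix
@@ -0,0 +1,8 @@
+{
+imports = [
+./hardware-configuration.nix
+../common/configuration.nix
+];
+
+boot.loader.systemd-boot.enable = true;
+}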

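--- a/nix/nixos/master/hardware-configuration.nix
+++ b/infra/nixos/azure/hardware-configuration.nix
@@ -5,9 +5,7 @@
 "${toString modulesPath}/virtualisation/azure-common.nix"
 ];
 
-facter.reportPath = ./facter.json;
 virtualisation.azure.acceleratedNetworking = true;
-
 boot.kernelParams = lib.mkForce [
 "console=ttyS0" # azure serial console
 "earlyprintk=ttyS0"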

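--- a/infra/nixos/budk8s/configuration.nix
+++ b/infra/nixos/budk8s/configuration.nix
@@ -0,0 +1,6 @@
+{
+imports = [
+../azure/configuration.nix
+./modules/k3s
+];
+}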

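--- a/nix/nixos/master/modules/k3s.nix
+++ b/infra/nixos/budk8s/modules/k3s/default.nix
@@ -6,13 +6,12 @@
 443
 ];
 
-sops.secrets."misc/k3s_token" = { };
+sops.secrets."k3s_server_token".sopsFile = ./secrets.yaml;
 
 services.k3s = {
 enable = true;
 role = "server";
-tokenFile = config.sops.secrets."misc/k3s_token".path;
-clusterInit = true;
+tokenFile = config.sops.secrets."k3s_server_token".path;
 
 extraKubeletConfig.maxPods = 512;
 extraFlags = [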
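Review bot: Dropping `clusterInit = true;` from `services.k3s` is a behaviour change inside a commit titled as a refactor, and nothing in the hunk says how a second server is meant to join. `role = "server"` stays and no `serverAddr` is visible here, so if both `primary` and `ingress` import this module, each would presumably bootstrap its own control plane instead of joining one cluster. The `services.k3s` block continues past the hunk, so this should be confirmed against the rest of the file. I would keep `clusterInit` on the bootstrap host only and add a comment above the secret such as `# server join token: a holder can join the cluster as a control-plane node; keep the recipient list in ./secrets.yaml minimal`.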
Lines changed: 43 additions & 0 deletions
@@ -0,0 +1,43 @@
1+
k3s_server_token: ENC[AES256_GCM,data:319hAVstOafKKNkOZCQko03TADfheTx/k4O67/6E1F1FDv4oS7areehipvKTOcxcapQpMfenEyhfRH55Y/5/g1QaNFxxp2DXl2r4xPkS7i9hIZFi8WWoAWrhdc8QmFtYcmLObhrxjbYHDFIc,iv:jY3SBHqCJ+cxdXbTY0joDBxM5MjanPdz55joylGI2aw=,tag:eept1OnjCsiJ6s/LJXbspg==,type:str]
2+
sops:
3+
age:
4+
- recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
5+
enc: |
6+
-----BEGIN AGE ENCRYPTED FILE-----
7+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNS3R1ZTZjcGJoSVZEeHln
8+
aUQ3OG04L0RJWWZEK2I2Zm0waVdPdDVSbUQ4Ci9rTzBlYkpHMFJsSmlhVjdFcThx
9+
N2VnUm9UamZycFE5cjRqcUNBdjZrOEUKLS0tIFVSeU5HeWF3R0lhSDlGMkVDcnEw
10+
bkhLOVJsYjc2L2I2TDJqUS9wT2ZnSUkKP8bFqScJgOk7JrUsWpyLhhnbuLhCkDfj
11+
d4f5HEzLFhNkiRLiVJyvnZu2D+DVeCoxDw5TlltS4uN08c5EYWlG5g==
12+
-----END AGE ENCRYPTED FILE-----
13+
- recipient: age18xn7rqxu27kschgqs7u5x7af9evnpcp4sru34th6zhhwlwnwycpsajeeh9
14+
enc: |
15+
-----BEGIN AGE ENCRYPTED FILE-----
16+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUeWsyMmtuV0NMNHJFdzQx
17+
OHNCb0t6Qk50WEZzY3lnYWkyOHZFUkhTZ2hrCmVYbGU1MWRScHJRSURLVjA5TkxT
18+
VFY3cksvODBQWjg3SFc4S0tLY1B3b28KLS0tIGRzeE56SnVJMkZ0NzRUTUVxZkR3
19+
eFcyelRORHZ6b3UxTDk5VFNNa3pZTXMKKduFlNQrkMrkOhNfEXiWTo1ic/0Oa5hk
20+
zIkFRYWsyqSFXQlBlBeW6YuyyJqwORRJKiwQmX7dDtczeh7XB/3GpA==
21+
-----END AGE ENCRYPTED FILE-----
22+
- recipient: age1h32pss4dc5qjzl8rqutmt647mfsy5t2szawkp8y473lnjwpm7uqs9q042c
23+
enc: |
24+
-----BEGIN AGE ENCRYPTED FILE-----
25+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4ck9LM3NuOFNuVzhMTHVr
26+
aUVFc013RitaQk1DWndFczEyMnpzMExFdW5rCmp0U1p0dGYzSWcyNGViNkx2VjRl
27+
K3ZYclhFZHI0bXB0MFBwcHhCbGVkWm8KLS0tIEY5dUgxTnc3eVlITXIyUEJWd3Vh
28+
UUU1OXMzcXN4SkkzYjJWc3g3bDVnWHMKPkAyCQc0lzN1VheCOKXmMqet6eVO6Ipd
29+
1H63A1svsl4NZDIS5jhQL9dKGJKYmnl3uxu5wTYF9ErWY7Rnibnh1A==
30+
-----END AGE ENCRYPTED FILE-----
31+
- recipient: age138ut93gvvwkaudl3wxtwn8z9e50ptuhe2yukg6vhwcgncxpplpsqtmhp7t
32+
enc: |
33+
-----BEGIN AGE ENCRYPTED FILE-----
34+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3RmxjR0VqeUVRSUJRMHZZ
35+
ZWNQbm5vUldOS0FyVFZ1cHJjb2t6dEdoTENRCnVHanNSUUFnWitYOHBUcmg3dUJ1
36+
YXVGeVhrUGV5a3hnaTRXZmtHREpvaU0KLS0tIFB0UFFFRmpUVUNxVnhqVzdnR0Fs
37+
MVBRbVNHYzE4SnBGTGl4a2JlVWgyTEkKYjUZHfQkDHr+RkS0v89I8N5/bWUBR+Rl
38+
+2Muh/xqk4r2LEt7PnTKQxI7hYbcp9BPY+8g1Pi2GE2vGfD0kDBj5Q==
39+
-----END AGE ENCRYPTED FILE-----
40+
lastmodified: "2025-08-27T11:11:32Z"
41+
mac: ENC[AES256_GCM,data:M1Gx/xan59o8hOCLOoxeox+uMuKyQWR1Euh/ANabCYWwFRgaysC7CuQdBE7attB9C2w/RGXlMQidcXeWax3Qf9ySQAA9/anSMZnk1+mG9sSu2YiprFEnsy/8d6CE832esbS0f4HBvDRc8m+qjv85p0KM1Ym9ZLJUBA1ubpyiwss=,iv:GbF7jlPyg4QXPzqjib0hwMFKycednc7tm+/0Ox8Mw1I=,tag:R1CfFGdbp0Pt+U1feuzH9Q==,type:str]
42+
unencrypted_suffix: _unencrypted
43+
version: 3.10.2

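--- a/nix/nixos/common/configuration.nix
+++ b/infra/nixos/common/configuration.nix
@@ -5,6 +5,7 @@ in
 {
 imports = [
 ./modules/users.nix
+./disko.nix
 ];
 
 global.userdata = {
@@ -13,4 +14,6 @@ in
 };
 
 sops.defaultSopsFile = lib.mkForce ../${host}/secrets.yaml;
+facter.reportPath = ../${host}/facter.json;
+system.stateVersion = lib.mkForce "25.11";
 }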
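Review bot: `system.stateVersion = lib.mkForce "25.11";` at the end of the second hunk sits in the shared configuration and overrides whatever an individual host declares, while `stateVersion` is meant to record the release a machine was first installed with. If the host previously built as `master` was installed on an earlier release, forcing a new value can silently switch stateful defaults on it; that cannot be confirmed from this hunk. I would set the value per host without `mkForce`, or keep the line with a comment stating why it is forced, e.g. `# every host is reinstalled from scratch on 25.11; do not bump on upgrade`. The attribute set opens before the first hunk.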
