feat(ops/buildkite): Bootstrap Buildkite Terraform configuration
In order to run this the secrets need to be sourced, e.g.: eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age) Change-Id: I9f6a02c0dac22f584181635861ddbb06cf849f14 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5838 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su>
parent
4288cf961e
commit
c58cc1e690
4 changed files with 38 additions and 0 deletions
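--- a/ops/buildkite/.gitignore
+++ b/ops/buildkite/.gitignore
@@ -0,0 +1,2 @@
+.envrc
+.terraform*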
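Review bot: The `.terraform*` pattern on the second line also matches `.terraform.lock.hcl`, the file where Terraform records the provider versions and checksums it selected, so that file can never be committed from this directory. The provider here is supplied through `pkgs.terraform.withPlugins` in `default.nix`, which presumably pins it on the Nix side, but that reasoning is not visible from the ignore file. I would either narrow the pattern to `.terraform/` or add a comment such as `# lock file intentionally ignored: providers are pinned by Nix`. Ignoring `.envrc` makes sense if it holds the secret-sourcing `eval` from the commit message, and a one-line comment saying so would make the intent explicit.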
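--- a/ops/buildkite/default.nix
+++ b/ops/buildkite/default.nix
@@ -0,0 +1,7 @@
+{ depot, pkgs, ... }:
+
+depot.nix.readTree.drvTargets {
+terraform = pkgs.terraform.withPlugins (p: [
+p.buildkite
+]);
+}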
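--- a/ops/buildkite/tvl.tf
+++ b/ops/buildkite/tvl.tf
@@ -0,0 +1,24 @@
+# Buildkite configuration for TVL.
+
+terraform {
+required_providers {
+buildkite = {
+source = "buildkite/buildkite"
+}
+}
+
+backend "s3" {
+endpoint = "https://objects.dc-sto1.glesys.net"
+bucket = "tvl-state"
+key = "terraform/tvl-buildkite"
+region = "glesys"
+
+skip_credentials_validation = true
+skip_region_validation = true
+skip_metadata_api_check = true
+}
+}
+
+provider "buildkite" {
+organization = "tvl"
+}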
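Review bot: The `backend "s3"` block writes state to the `tvl-state` bucket with nothing in the file saying who may read it, and Terraform state keeps resource attributes in plaintext, including values marked sensitive. No state locking is configured for this backend either, so two concurrent `terraform apply` runs could overwrite each other's state. I would add a comment above the block such as `# State may contain secrets in plaintext; keep bucket access restricted to operators.` and, if the GleSYS object store supports server-side encryption, set `encrypt = true`. The three `skip_*` settings are presumably needed because the endpoint is not AWS; a one-line comment saying so would keep them from being read as disabled safety checks.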
|
@ -15,6 +15,11 @@ depot.nix.lazy-deps {
|
|||
rebuild-system.attr = "ops.nixos.rebuild-system";
|
||||
rink.attr = "third_party.nixpkgs.rink";
|
||||
|
||||
tf-buildkite = {
|
||||
attr = "ops.buildkite.terraform";
|
||||
cmd = "terraform";
|
||||
};
|
||||
|
||||
tf-glesys = {
|
||||
attr = "ops.glesys.terraform";
|
||||
cmd = "terraform";
|
||||
|
|