{
# NixOps network-level label; the only machine in this network is the `vm`
# resource defined below.
network.description = "Development infrastructure";
vm =
{ config, pkgs, ... }:
let
gsctl =
  let
    # Upstream commit this build is pinned to; also used as the fetchGit revision.
    version = "b9e631e8d7f273271055beab49b574f5b4fcc4bd";
  in pkgs.buildGoPackage {
    inherit version;
    name = "gsctl-${version}";
    goPackagePath = "github.com/giantswarm/gsctl";
    # Pinned to a full commit hash, so the build does not drift as `master` moves.
    # NOTE(review): the URL's host part reads "[email protected]" on this page,
    # which looks like the renderer's e-mail obfuscation — check the original.
    src = builtins.fetchGit {
      url = "[email protected]:giantswarm/gsctl.git";
      ref = "master";
      rev = version;
    };
    # Stamp version metadata into the binary via the Go linker.
    buildFlagsArray = ''
      -ldflags=-X github.com/giantswarm/gsctl/config.Version=0.15.1
      -X github.com/giantswarm/gsctl/config.BuildDate=2019-04-30T14:28:20Z
    '';
  };
opsctl =
  let
    # Upstream commit this build is pinned to; also the fetchGit revision and
    # the value stamped into main.gitCommit.
    version = "80fc939ec050e79e2672a3a5d5cef7565bf661e2";
  in pkgs.buildGoPackage {
    inherit version;
    name = "opsctl-${version}";
    goPackagePath = "github.com/giantswarm/opsctl";
    # NOTE(review): the URL's host part reads "[email protected]" on this page,
    # which looks like the renderer's e-mail obfuscation — check the original.
    src = builtins.fetchGit {
      url = "[email protected]:giantswarm/opsctl.git";
      ref = "master";
      rev = version;
    };
    buildFlagsArray = ''
      -ldflags=-X main.gitCommit=${version}
    '';
  };
in {
# Target: one Google Compute Engine instance managed by NixOps.
deployment.targetEnv = "gce";
deployment.gce = {
  project = "dev-infra-238015";
  # Identity the instance runs under. Every role bound to it is reachable from
  # any shell on the VM, so keep its grants minimal.
  serviceAccount = "dev-infra-service-account@dev-infra-238015.iam.gserviceaccount.com";
  # Service-account JSON NixOps authenticates with, relative to the deployment
  # directory. It is a long-lived credential: keep it out of version control
  # together with ./secrets.
  accessKey = "./credentials/google-service-account.json";
  instanceType = "n1-standard-2";
  region = "europe-west2-a";
  # Root disk size in GB.
  rootDiskSize = 10;
};
# Secrets shipped by NixOps. `builtins.readFile` inlines each file from
# ./secrets into the evaluated expression, so the secret text travels with the
# deployment (NixOps presumably keeps key contents in its state file too —
# treat that file as a secret). Keys without `destDir` land in the NixOps key
# directory; .bashrc and the OpenVPN units below read them from
# /var/run/keys/<name>. No `permissions` is set, so the backend default applies
# (owner-only, if memory serves — verify with `ls -l /run/keys` on the host).
deployment.keys = {
  # gsctl's own config, delivered into joe's gsctl config directory on the root
  # filesystem rather than into the key directory.
  "config.yaml" = {
    text = builtins.readFile ./secrets/gsctl;
    user = "joe";
    group = "users";
    destDir = "/etc/joe/.config/gsctl/";
  };
  # SSH private key, git credentials and GPG keypair: loaded by .bashrc at
  # shell start (ssh-add, GITHUB_TOKEN, gpg --import).
  giantswarm_rsa = {
    text = builtins.readFile ./secrets/giantswarm_rsa;
    user = "joe";
    group = "users";
  };
  gitcredentials = {
    text = builtins.readFile ./secrets/gitcredentials;
    user = "joe";
    group = "users";
  };
  gpg-private = {
    text = builtins.readFile ./secrets/gpg-private;
    user = "joe";
    group = "users";
  };
  gpg-public = {
    text = builtins.readFile ./secrets/gpg-public;
    user = "joe";
    group = "users";
  };
  # Tokens exported as OPSCTL_* environment variables by .bashrc.
  opsctl-github = {
    text = builtins.readFile ./secrets/opsctl-github;
    user = "joe";
    group = "users";
  };
  opsctl-gpg = {
    text = builtins.readFile ./secrets/opsctl-gpg;
    user = "joe";
    group = "users";
  };
  opsctl-opsgenie = {
    text = builtins.readFile ./secrets/opsctl-opsgenie;
    user = "joe";
    group = "users";
  };
  # Full OpenVPN client configs for services.openvpn.servers below.
  gridscale = {
    text = builtins.readFile ./secrets/gridscale;
    user = "joe";
    group = "users";
  };
  vultr = {
    text = builtins.readFile ./secrets/vultr;
    user = "joe";
    group = "users";
  };
  # quay.io token used by the docker login in .bashrc.
  quay = {
    text = builtins.readFile ./secrets/quay;
    user = "joe";
    group = "users";
  };
};
# Persist the key files on the VM's disk so they survive a reboot without a
# redeploy. The trade-off: every secret above then sits on the persistent root
# disk instead of only in the key directory.
deployment.storeKeysOnMachine = true;
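# Interactive-shell setup for joe, placed in /etc/joe (joe's home) and copied
# with owner-only mode. `environment.etc` sources live in the Nix store, which
# is world-readable, so nothing secret belongs in `text`; every secret below is
# read from the NixOps key files at shell start instead.
environment.etc."joe/.bashrc" = {
  user = "joe";
  group = "users";
  mode = "600";
  # Notes on the script:
  #  - the ssh-agent is only started when no agent is reachable
  #    (SSH_AUTH_SOCK unset); otherwise every interactive shell, including
  #    each new tmux pane, left behind its own agent holding the key
  #  - the quay.io login feeds the token via --password-stdin instead of a
  #    `--password=` argument, which every local user could read from the
  #    process list
  #  - `sudo chown` runs on each shell start and relies on passwordless sudo
  #    (security.sudo.wheelNeedsPassword = false)
  #  - the GITHUB_TOKEN extraction looks like it expects git-credential-store
  #    syntax (https://<user>:<token>@github.com) — confirm against the file
  #  - the `grep -q '[email protected]'` pattern looks e-mail-obfuscated by the
  #    page renderer, like the fetchGit URLs — check the original
  text = ''
    if [ -f /etc/joe/.bash_aliases ]; then
    source /etc/joe/.bash_aliases
    fi
    if [ -f /etc/joe/.bash_functions ]; then
    source /etc/joe/.bash_functions
    fi
    set -o vi
    sudo chown -R joe:users /etc/joe
    if [ -z "$SSH_AUTH_SOCK" ]; then
    eval `ssh-agent -s` > /dev/null 2>&1
    ssh-add /var/run/keys/giantswarm_rsa > /dev/null 2>&1
    fi
    if ! gpg --list-keys 2>&1 | grep -q '[email protected]'; then
    gpg --import /var/run/keys/gpg-private > /dev/null 2>&1
    gpg --import /var/run/keys/gpg-public > /dev/null 2>&1
    fi
    if ! grep -q quay.io ~/.docker/config.json; then
    docker login quay.io \
    --username=josephsalisbury \
    --password-stdin < /var/run/keys/quay > /dev/null 2>&1
    fi
    export GPG_TTY=$(tty)
    export GITHUB_TOKEN=$(cat /var/run/keys/gitcredentials | awk -F ':' '{print $3}' | awk -F '@' '{print $1}')
    export OPSCTL_GITHUB_TOKEN=$(cat /var/run/keys/opsctl-github)
    export OPSCTL_GPG_PASSWORD=$(cat /var/run/keys/opsctl-gpg)
    export OPSCTL_OPSGENIE_TOKEN=$(cat /var/run/keys/opsctl-opsgenie)
    source <(opsctl completion bash)
    source <(kubectl completion bash)
    export PS1="\[\e[1m\]\$(date +'%Y-%m-%d %H:%M:%S')\[\e[0m\]\n$ "
    if [[ -z $TMUX ]] && [[ $USER != "root" ]]; then
    exec tmux new-session -A -s default
    fi
  '';
};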
# Aliases sourced by .bashrc. `git` is routed through hub (gitAndTools.hub in
# systemPackages); `wl` re-runs the previous command under watch.
environment.etc."joe/.bash_aliases" = {
  user = "joe";
  group = "users";
  mode = "600";
  text = ''
    alias git=hub
    alias ls='ls -FGhl --color=auto'
    alias wl='watch --color --differences $(fc -ln -1)'
  '';
};
# Shell helpers sourced by .bashrc. The file's contents sit in the Nix store
# (world-readable), which is fine here because nothing secret is inlined.
environment.etc."joe/.bash_functions" = {
  user = "joe";
  group = "users";
  mode = "600";
  # access <endpoint> [<cluster>]: selects the gsctl endpoint, then points
  # kubectl at context `giantswarm-<last arg>`, reusing it when `cluster-info`
  # succeeds. Otherwise it mints a kubeconfig: two args -> gsctl (tenant
  # cluster), one arg -> opsctl (control plane).
  # NOTE(review): the gsctl path asks for `--certificate-organizations=system:masters`,
  # i.e. a cluster-admin client certificate; the 1-day `--ttl` is what bounds
  # how long that credential stays useful if it leaks from this VM.
  #
  # hack [<org>] <project>: cd into an existing checkout under
  # ~/go/src/github.com, otherwise probe giantswarm/ then JosephSalisbury/ with
  # `git ls-remote` and clone. `if $(git ls-remote ...)` relies on bash giving
  # an empty command the status of its last substitution; if neither org has
  # the project, `organisation` stays empty and the clone URL becomes
  # https://github.com//<project>. `$directory` is unquoted and not `local`.
  #
  # password: 64 random alphanumerics from /dev/urandom.
  text = ''
    function access {
    gsctl select endpoint $1 &> /dev/null
    if kubectl --context=giantswarm-''${@: -1} cluster-info &> /dev/null; then
    kubectl config use-context giantswarm-''${@: -1} &> /dev/null
    printf "\033[0;32mRe-using existing kubeconfig.\033[0m\n"
    return 0
    fi
    if [ "$#" -eq 2 ]; then
    gsctl create kubeconfig \
    --endpoint=$1 \
    --cluster=$2 \
    --certificate-organizations=system:masters \
    --ttl=1d \
    &> /dev/null
    if [ $? -eq 0 ]; then
    printf "\033[0;32mCreated tenant cluster kubeconfig.\033[0m\n"
    else
    printf "\033[0;31mCould not create tenant cluster kubeconfig.\033[0m\n"
    fi
    fi
    if [ "$#" -eq 1 ]; then
    opsctl create kubeconfig \
    --cluster=$1 \
    &> /dev/null
    if [ $? -eq 0 ]; then
    printf "\033[0;32mCreated control plane kubeconfig.\033[0m\n"
    else
    printf "\033[0;31mCould not create control plane kubeconfig.\033[0m\n"
    fi
    fi
    }
    function hack {
    local organisation=""
    local project=""
    if [[ ! -d ~/go ]]; then
    mkdir -p ~/go/src/github.com
    fi
    directory=$(find ~/go/src/github.com/ -mindepth 2 -maxdepth 2 -type d -name $1)
    if [[ ! -z $directory ]]; then
    cd $directory
    return 0
    fi
    if [[ "$#" -eq 2 ]]; then
    organisation=$1
    project=$2
    fi
    if [[ "$#" -eq 1 ]]; then
    project=$1
    if $(git ls-remote https://github.com/giantswarm/$project > /dev/null 2>&1); then
    organisation="giantswarm"
    fi
    if $(git ls-remote https://github.com/JosephSalisbury/$project > /dev/null 2>&1); then
    organisation="JosephSalisbury"
    fi
    fi
    mkdir -p ~/go/src/github.com/$organisation
    cd ~/go/src/github.com/$organisation
    git clone --quiet https://github.com/$organisation/$project
    cd ~/go/src/github.com/$organisation/$project
    }
    function password {
    cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1
    }
  '';
};
# Git config for joe. Nothing secret is inlined: credentials come from the
# NixOps key file via the `store` helper, and the signing key is only an ID.
environment.etc."joe/.gitconfig" = {
  user = "joe";
  group = "users";
  mode = "600";
  #  - [commit]: every commit is signed with 1C6A41349CB55511 (the key
  #    gpg.conf below marks as trusted) and starts from /etc/joe/.gittemplate
  #  - [credential]: `store` reads plaintext credentials from the
  #    `gitcredentials` NixOps key (/run/keys and /var/run/keys are the same
  #    directory on NixOS); git may also append newly approved credentials
  #    to that file
  #  - [url]: rewrites SSH remotes to HTTPS so the stored credentials are used.
  #    NOTE(review): the `insteadOf` value shows "[email protected]:" on this
  #    page, which looks like the renderer's e-mail obfuscation — check the
  #    original. The [user] email looks affected the same way.
  #  - `alias git=hub` in .bash_aliases means the [alias] entries run via hub
  text = ''
    [alias]
    b = branch -a
    co = checkout
    d = diff
    lg = log -n 5 --pretty=tformat:'%Cblue%h%Creset %<(70,trunc)%s %Cgreen(%cr)%Creset %Cblue%an%Creset'
    st = status --short --branch
    [commit]
    gpgsign = true
    template = /etc/joe/.gittemplate
    [core]
    editor = vi
    [credential]
    helper = store --file=/run/keys/gitcredentials
    [help]
    autocorrect = -1
    [pager]
    branch = false
    log = false
    [url "https://github.com/"]
    insteadOf = [email protected]:
    [user]
    name = Joseph Salisbury
    email = [email protected]
    signingkey = 1C6A41349CB55511
  '';
};
# Commit message template referenced by [commit] template in .gitconfig.
environment.etc."joe/.gittemplate" = {
  user = "joe";
  group = "users";
  mode = "600";
  text = ''
    # If this commit is applied, then it (e.g: Removes the foo)
    # Towards this issue
    # And this is _why_ we did it
  '';
};
# GnuPG config. `trusted-key` makes gpg treat this key ID (the same one
# .gitconfig signs with) as fully trusted without a trustdb entry; the key
# material itself is imported from the NixOps keys by .bashrc.
environment.etc."joe/.gnupg/gpg.conf" = {
  user = "joe";
  group = "users";
  mode = "600";
  text = ''
    trusted-key 1C6A41349CB55511
  '';
};
# Login-shell profile: chains into .bashrc (= /etc/joe/.bashrc, since home is
# /etc/joe) when the shell is bash.
environment.etc."joe/.profile" = {
  user = "joe";
  group = "users";
  mode = "600";
  text = ''
    if [ -n "$BASH_VERSION" ]; then
    if [ -f "$HOME/.bashrc" ]; then
    . "$HOME/.bashrc"
    fi
    fi
  '';
};
# tmux config for the session .bashrc execs into. The status line is refreshed
# every second from /etc/joe/.tmux-status.sh (defined below).
environment.etc."joe/.tmux.conf" = {
  user = "joe";
  group = "users";
  mode = "600";
  text = ''
    bind r source-file /etc/joe/.tmux.conf
    set -g base-index 1
    set -g default-terminal "screen-256color"
    set -g pane-base-index 1
    set -g status-bg colour7
    set -g status-fg colour232
    set -g status-interval 1
    set -g status-left ""
    set -g window-status-format "#I"
    set -g window-status-current-format "#I#F"
    set -g status-right "#(/etc/joe/.tmux-status.sh)"
    set -g status-right-length 500
  '';
};
# Status-line helper tmux runs every second: prints the pane directory's
# basename (or ~), the git branch if any, and the kubectl context with its
# `giantswarm-` prefix removed. Mode 700 so only joe can execute it.
# NOTE(review): the shebang is /bin/sh but `==` and the unquoted `$path` in the
# test are bash-isms; this works because /bin/sh is bash on NixOS, and only
# for paths without whitespace.
environment.etc."joe/.tmux-status.sh" = {
  user = "joe";
  group = "users";
  mode = "700";
  text = ''
    #!/bin/sh
    path="$(tmux display-message -p -F "#{pane_current_path}")"
    git_branch=$(cd $path; git rev-parse --abbrev-ref HEAD 2> /dev/null)
    kubectl_context=$(kubectl config current-context | sed -e 's/giantswarm-//')
    if [ $path == $HOME ]; then
    path_info="~"
    else
    path_info="$(basename $path)"
    fi
    git_info=""
    if [ ! -z "$git_branch" ]; then
    git_info=" ($git_branch)"
    fi
    kube_info=""
    if [ ! -z "$kubectl_context" ]; then
    kube_info=" ($kubectl_context)"
    fi
    echo $path_info$git_info$kube_info
  '';
};
# Headless VM: build packages without X11 dependencies to shrink the closure.
environment.noXlibs = true;
# Tooling available system-wide. gsctl and opsctl are the pinned builds from
# the `let` block above; everything else comes from the nixpkgs NixOps
# evaluates this expression with.
environment.systemPackages = with pkgs; [
  bind
  git
  gitAndTools.hub
  gnumake
  gnupg
  go
  gsctl
  htop
  jq
  kubectl
  opsctl
  python3
  tmux
  tree
  vim
  wget
];
fileSystems."/" = {
  # NOTE(review): no `device` is given; presumably the NixOps gce backend
  # supplies it — confirm before reusing this block outside GCE.
  fsType = "ext4";
};
networking.hostName = "vm";
# Makes vim the system-wide default EDITOR.
programs.vim.defaultEditor = true;
# Members of wheel (joe, below) get sudo without a password. .bashrc depends
# on this: it runs `sudo chown -R joe:users /etc/joe` on every shell start.
security.sudo.wheelNeedsPassword = false;
# Two OpenVPN client instances. Each takes its whole OpenVPN configuration from
# the matching NixOps key through the `config <file>` directive, so only the
# key name appears here. `updateResolvConf` lets the remote push DNS servers
# into resolv.conf while the tunnel is up.
services.openvpn.servers = {
  gridscale = {
    config = "config /var/run/keys/gridscale";
    updateResolvConf = true;
  };
  vultr = {
    config = "config /var/run/keys/vultr";
    updateResolvConf = true;
  };
};
# Unattended upgrades from the nixos-19.03 release channel. Nothing pins the
# channel revision, so each run installs whatever the channel serves at the
# time.
system.autoUpgrade = {
  channel = "https://nixos.org/channels/nixos-19.03";
  enable = true;
};
time.timeZone = "Europe/London";
# Accounts are fully declarative: users.users below is the complete picture,
# and changes made on the host (passwords, extra users) do not survive a
# rebuild.
users.mutableUsers = false;
# The single interactive account. Home is /etc/joe, so the environment.etc
# entries above double as its dotfiles. Group membership is the privilege
# story: `wheel` gives passwordless sudo (wheelNeedsPassword = false), `docker`
# is effectively root on the host via the daemon socket, and `keys` grants
# read access to the NixOps key directory. No password is set, so the listed
# SSH public key is the login path.
users.users.joe = {
  isNormalUser = true;
  home = "/etc/joe";
  description = "Joe Salisbury";
  extraGroups = [
    "docker"
    "keys"
    "wheel"
  ];
  openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbANMu71iyqQ9HgVC+UF4OPXcPE0BL23B9/w/2b5Yjvhboc1z+G0ElP8MtPp55zw8Gt6Xl7nuK4SL8pBJxVlLriop1+41lcM+hBHIBW5JsZO7ygPApvXoF3855o2jkZpVgOTAuIlNF+edvWEi1u4DoODtl5u/NXvLg18lZrt8e+QOxQsxPixX+rkoA5p5jOJIsyUsPn+68HJlWsxEh9QClGvx1gx1lq+yRamz8pJdF11k19m/FvwIVnnhM9ZhFvtADJ89d6mEb6BQI0mZ2Nl+uGAd9D8k0aBmvpsUxb+DzTOfLXRl3SHVXR/W7qokSCoKDjnff6Oy3Pm0ly6DVMjSr"
  ];
};
# Docker daemon for the quay.io-backed workflow in .bashrc; joe is in the
# docker group above.
virtualisation.docker.enable = true;
};
}