about summary refs log tree commit diff
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2022-06-03T22·40+0000
committertazjin <tazjin@tvl.su>2022-06-06T11·05+0000
commitc58cc1e6901f5ed4103654404e3a1ae0902bcc13 (patch)
tree6c7055cb9e0b806110a48e08831ac83cda262a9d
parent4288cf961e458b6e7d4724b0da2f106b0a50b182 (diff)
feat(ops/buildkite): Bootstrap Buildkite Terraform configuration r/4212
In order to run this the secrets needs to be sourced, e.g.:

  eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age)

Change-Id: I9f6a02c0dac22f584181635861ddbb06cf849f14
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5838
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
-rw-r--r--ops/buildkite/.gitignore2
-rw-r--r--ops/buildkite/default.nix7
-rw-r--r--ops/buildkite/tvl.tf24
-rw-r--r--tools/depot-deps.nix5
4 files changed, 38 insertions, 0 deletions
diff --git a/ops/buildkite/.gitignore b/ops/buildkite/.gitignore
new file mode 100644
index 000000000..41c1b3346
--- /dev/null
+++ b/ops/buildkite/.gitignore
@@ -0,0 +1,2 @@
+.envrc
+.terraform*
diff --git a/ops/buildkite/default.nix b/ops/buildkite/default.nix
new file mode 100644
index 000000000..f085bc6d9
--- /dev/null
+++ b/ops/buildkite/default.nix
@@ -0,0 +1,7 @@
+{ depot, pkgs, ... }:
+
+depot.nix.readTree.drvTargets {
+  terraform = pkgs.terraform.withPlugins (p: [
+    p.buildkite
+  ]);
+}
diff --git a/ops/buildkite/tvl.tf b/ops/buildkite/tvl.tf
new file mode 100644
index 000000000..752a33b09
--- /dev/null
+++ b/ops/buildkite/tvl.tf
@@ -0,0 +1,24 @@
+# Buildkite configuration for TVL.
+
+terraform {
+  required_providers {
+    buildkite = {
+      source = "buildkite/buildkite"
+    }
+  }
+
+  backend "s3" {
+    endpoint = "https://objects.dc-sto1.glesys.net"
+    bucket   = "tvl-state"
+    key      = "terraform/tvl-buildkite"
+    region   = "glesys"
+
+    skip_credentials_validation = true
+    skip_region_validation      = true
+    skip_metadata_api_check     = true
+  }
+}
+
+provider "buildkite" {
+  organization = "tvl"
+}
diff --git a/tools/depot-deps.nix b/tools/depot-deps.nix
index eabd6484c..62f390508 100644
--- a/tools/depot-deps.nix
+++ b/tools/depot-deps.nix
@@ -15,6 +15,11 @@ depot.nix.lazy-deps {
   rebuild-system.attr = "ops.nixos.rebuild-system";
   rink.attr = "third_party.nixpkgs.rink";
 
+  tf-buildkite = {
+    attr = "ops.buildkite.terraform";
+    cmd = "terraform";
+  };
+
   tf-glesys = {
     attr = "ops.glesys.terraform";
     cmd = "terraform";