Switch from coreos to nixos

archive/1-coreos/3-configure-hashistack/.gitignore

@@ -0,0 +1,34 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

archive/1-coreos/3-configure-hashistack/.terraform.lock.hcl

@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/neuspaces/system" {
+  version     = "0.4.0"
+  constraints = "0.4.0"
+  hashes = [
+    "h1:Vsp3ZoNGUnijGxcyKPJAnjzaifk2rcOaA6DtS4Wsdyk=",
+    "zh:04862132feb60ff990e15f4b878e96fbcc296720bd31a39e7b0a8fe5788b5b33",
+    "zh:1d8b6050274b5b915fbf241a66c63fe1b2088bc4720e0ef36a3d75a197a97d78",
+    "zh:5263effc40349d48ed458ea5d418e7321db441d7987b35fabbdd3faa53ed114d",
+    "zh:5b13d535084dacba3d511d5c815db4b5ae83e9c6226938bbf20a30c4e05116cb",
+    "zh:69da944ea0c86ec4e64ae844f580d13910fd66f1d8a9ecc7890ff0ace29aef36",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:7fce212ccf0fd267a7f318c793e174605cbaa7814f9b30be16ed1d0526ab398f",
+    "zh:97523ef340365bfaf759cc1eb4a202af7b27ac87e1cb5f0309a585d63e205bbd",
+    "zh:9f3fefa30abc39a1073e66b88701b5437f4b04b0082091408c97f6a8e5b64bd3",
+    "zh:e16d43079cc894bfb0980ff211ea1787cdb913f24826461a8967ac91fd146ea8",
+    "zh:e4630f531b59e813fa405942c7648252c741313ccd49bc1be85f2ea964016ed3",
+    "zh:ebd2549e8b5b2894efb0ba70f2f6034ae5fb5821d1e2831ba5af8fa5e5870829",
+    "zh:ed601fdbf4813d041b3773781e2331c7ea074f8a5b505d2b105059a89b44301c",
+    "zh:f08f8e3d05759b72421de4c54f6938396d3e13fdfdbe7505877b1c64342dfa3a",
+    "zh:fea9e0172235a52343826d77e8331bcfeb785d514b4f5ee39f524d541b1a8749",
+  ]
+}

archive/1-coreos/3-configure-hashistack/jaglan-beta.tf

@@ -0,0 +1,35 @@
+terraform {
+  required_providers {
+    system = {
+      source = "neuspaces/system"
+      version = "0.4.0"
+    }
+  }
+}
+
+provider "system" {
+  ssh {
+    host = "jaglan-beta-m42"
+    user  = "core"
+    agent = true
+  }
+}
+
+resource "system_file" "static_content" {
+  path    = "/etc/consul.d/consul.hcl"
+  content = "Hello world!"
+}
+
+resource "terraform_data" "jaglan-beta" {
+    provisioner "file" {
+        source      = "consul.hcl"
+        #destination = "/etc/consul.d/consul.hcl"
+        destination = "./consul.hcl"
+    }
+
+    connection {
+        type     = "ssh"
+        user     = "core"
+        host     = "jaglan-beta-m42"
+    }
+}

archive/1-coreos/3-configure-hashistack/nomad.hcl

@@ -0,0 +1,24 @@
+datacenter = "jaglan-beta"
+#data_dir = "/var/lib/nomad"
+#plugin_dir = "/usr/local/lib/nomad/plugins"
+
+server {
+  enabled = true
+  bootstrap_expect = 1
+
+  server_join {
+    retry_join = ["jaglan-beta-m01", "jaglan-beta-m42"]
+  }
+}
+
+tls {
+  http = true
+  rpc  = true
+
+  ca_file   = "/etc/nomad.certs/nomad-ca.pem"
+  cert_file = "/etc/nomad.certs/server.pem"
+  key_file  = "/etc/nomad.certs/server-key.pem"
+
+  verify_server_hostname = true
+  verify_https_client    = true
+}

archive/1-coreos/3-configure-hashistack/readme.md

@@ -0,0 +1,11 @@
+We use terraform for this configuration step just to make it easier
+to develop what the configuration should be, once it is stable we
+can move it into the butane definition.
+
+1. Generate secrets
+    1. consul `encrypt`, `consul keygen` and store in consul.hcl
+    2. nomad keys?
+2. Init & apply terraform
+    1. `terraform init`
+    2. `terraform plan --out plan.tfplan`
+    3. `terraform apply plan.tfplan`