Tinyland overlay for the attic-iac upstream module. Deploys a Nix binary cache to a Civo Kubernetes cluster accessed via Tailscale.
Full documentation: jesssullivan.github.io/attic-iac
Tinyland-specific docs: docs/tinyland-deployment.md
graph TD
subgraph upstream["attic-iac (upstream)"]
M[MODULE.bazel] --> TOFU[tofu/modules/]
M --> APP[app/]
end
subgraph tinyland["tinyland-infra (overlay)"]
TM[MODULE.bazel] -->|"bazel_dep + local_path_override"| M
TM --> EXT[build/extensions.bzl]
EXT -->|"symlink merge"| MERGED["@attic_merged"]
end
MERGED -->|"tofu apply"| CIVO[Civo K8s]
.
├── BUILD.bazel # Root targets
├── MODULE.bazel # Bzlmod: bazel_dep on attic-iac
├── build/
│ ├── overlay.bzl # overlay_repository rule
│ └── extensions.bzl # Module extension
├── config/
│ └── organization.yaml # Tinyland org identity
├── tofu/
│ └── stacks/
│ └── attic/ # Attic cache stack (tinyland.tfvars)
├── docs/
│ └── tinyland-deployment.md
├── .gitlab-ci.yml # CI/CD pipeline
└── .gitlab/ci/ # CI templates
# Prerequisites: upstream repo at ~/git/attic-iac/
direnv allow
# Plan the attic cache stack
just tofu-plan attic
# Apply
just tofu-apply atticTinyland uses Tailscale for cluster access (no SOCKS proxy needed). The
Civo cluster is reachable via Tailscale MagicDNS at fuzzy-dev.tinyland.dev.
CI runs on GitLab at tinyland/tinyland-infra (ID 78322246). The pipeline
clones upstream from GitHub and symlinks modules into the overlay stacks.
Bazel build and test jobs use the greedy pattern (needs: []) to start
immediately without waiting for the validate stage. The upstream
//app:unit_tests target runs the SvelteKit vitest suite through Bazel,
enabling remote cache hits across CI runs.
Required CI variables:
KUBECONFIG: File-type variable with Civo cluster kubeconfig