nixos-wiki-infra/terraform/nixos-wiki/main.tf

# Look up the SSH keys that already exist in the Hetzner Cloud project and
# carry the label wiki=true. This is a read-only data source: nothing is
# uploaded here. The label is the access-control decision, because every key
# matching the selector is handed to the server resource and exported through
# local.nixos_vars.
data "hcloud_ssh_keys" "nixos_wiki" {
  with_selector = "wiki=true"
}
# The Hetzner Cloud server that hosts the wiki.
resource "hcloud_server" "nixos_wiki" {
  name        = "nixos-wiki"
  server_type = var.server_type
  location    = var.server_location
  labels      = var.tags

  # NOTE(review): presumably only the bootstrap image; the "deploy" module
  # targets this host with a NixOS system and partitioner attribute, so the
  # Debian install is expected to be replaced. Confirm.
  image = "debian-11"

  # Keep the disk size unchanged when the server type changes.
  keep_disk = true

  # Names of the keys selected by the wiki=true label.
  ssh_keys = data.hcloud_ssh_keys.nixos_wiki.ssh_keys[*].name

  # Provider-side backups are disabled.
  # NOTE(review): confirm the wiki data is backed up by other means;
  # prevent_destroy below only blocks deletion that goes through Terraform.
  backups = false

  lifecycle {
    # Do not replace the server instance when the set of SSH keys changes.
    # Consequence: a key added to or removed from the wiki=true selection
    # later is not applied through this attribute, so revoking access has to
    # happen on the host itself.
    ignore_changes = [ssh_keys]

    # Make any plan that would destroy this server fail.
    prevent_destroy = true
  }
}
# Install and deploy NixOS on the server through the nixos-anywhere
# "all-in-one" Terraform module.
module "deploy" {
  # NOTE(review): no ?ref= is given, so `terraform init` resolves the
  # repository's default branch at whatever commit is current. This module
  # partitions and installs the target host, so pinning it to a reviewed
  # revision (placeholder: ?ref=<reviewed-commit-or-tag>) keeps deployments
  # reproducible and limits exposure to an unexpected upstream change.
  source = "github.com/numtide/nixos-anywhere//terraform/all-in-one"

  # local_file.nixos_vars is defined outside this file section; it must
  # exist before the flake is evaluated.
  depends_on = [local_file.nixos_vars]

  # Flake attributes for the system closure and the disko partitioning script.
  nixos_system_attr      = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.toplevel"
  nixos_partitioner_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.diskoScriptNoDeps"

  # Host to install onto, and the id that ties the install to this instance.
  target_host = hcloud_server.nixos_wiki.ipv4_address
  instance_id = hcloud_server.nixos_wiki.id

  # Script that supplies extra files for the target; going by its name it
  # decrypts age keys, presumably from the sops file passed in SOPS_FILE.
  # Verify against the script.
  extra_files_script = "${path.module}/decrypt-age-keys.sh"
  extra_environment = {
    SOPS_FILE = var.sops_file
  }

  # NOTE(review): verbose logging is enabled for a deployment that also
  # handles decrypted key material. Confirm the debug output cannot contain
  # secrets, since Terraform output is often retained in CI logs; turn this
  # off once it is no longer needed.
  debug_logging = true
}
# Values derived from the Terraform state for use by the NixOS configuration.
# NOTE(review): presumably written out by local_file.nixos_vars, which is not
# shown here. Confirm.
locals {
  nixos_vars = {
    # Public halves of the keys selected by the wiki=true label. These are
    # not secret, but they determine who is authorised, so the selection
    # should be reviewed like any other access change.
    ssh_keys     = data.hcloud_ssh_keys.nixos_wiki.ssh_keys[*].public_key
    ipv6_address = hcloud_server.nixos_wiki.ipv6_address
  }
}
# Public IPv4 address of the wiki server, exposed to callers of this module.
output "ipv4_address" {
  value = hcloud_server.nixos_wiki.ipv4_address
}
# Public IPv6 address of the wiki server, exposed to callers of this module.
output "ipv6_address" {
  value = hcloud_server.nixos_wiki.ipv6_address
}