mirror of
https://github.com/Mic92/nixos-wiki-infra.git
synced 2025-06-26 12:41:34 +02:00
Merge pull request #187 from NixOS/terraform-refactoring
Switch to local terraform provider
commit
2391458319
@ -1,6 +1,2 @@
|
||||
# Go to https://gitlab.com/-/profile/personal_access_tokens
|
||||
export GITLAB_USER='<your-gitlab-username>'
|
||||
export GITLAB_TOKEN='<your-gitlab-token>'
|
||||
|
||||
# https://console.hetzner.cloud/projects/2643361/security/tokens
|
||||
export HCLOUD_TOKEN='<your-hetzner-token>'
|
||||
|
3
.gitignore
vendored
3
.gitignore
vendored
@ -2,3 +2,6 @@
|
||||
.terraform.lock.hcl
|
||||
**/.terraform
|
||||
.direnv
|
||||
|
||||
terraform.tfstate.backup
|
||||
.terraform.tfstate.lock.info
|
||||
|
@ -2,12 +2,15 @@ keys:
|
||||
- &joerg age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
|
||||
- &nixos-wiki2 age1p3dl7q5ahjdhl3g72mqk9pxy3gcptw9dqmg6syq9f9s03ppqp4rsqm93n2
|
||||
- &lassulus age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2
|
||||
- &julienmalka age109qksyjgdnf7elnk98dh4vtxt0epju7xjemlqng0j0x75st5zg9qm9h3hy
|
||||
creation_rules:
|
||||
- path_regex: targets/nixos-wiki\.nixos\.org/secrets/*
|
||||
key_groups:
|
||||
- age:
|
||||
- *joerg
|
||||
- *lassulus
|
||||
- *julienmalka
|
||||
- *nixos-wiki2
|
||||
- path_regex: targets/admins/secrets/*
|
||||
key_groups:
|
||||
- age:
|
||||
- *joerg
|
||||
- *lassulus
|
||||
|
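Review bot: `path_regex` is a regular expression, not a glob, so the trailing `/*` in `targets/admins/secrets/*` means "zero or more slashes" and the rule matches any path that merely contains `targets/admins/secrets`, for example a sibling directory named `targets/admins/secrets-old` (constructed example). This rule decides which age recipients can decrypt the terraform passphrase, so I would state the intent explicitly as `path_regex: targets/admins/secrets/.*`. The nixos-wiki rule above it uses the same pattern and could be tightened the same way. The `+`/`-` markers are lost on this page, so this assumes the admins rule is the added side.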
20
README.md
20
README.md
@ -36,6 +36,26 @@ $ ls -la /tmp/restore/var/lib/mediawiki-uploads/
|
||||
$ umount /tmp/restore/
|
||||
```
|
||||
|
||||
## Applying terraform
|
||||
|
||||
Updating hetzner ssh keys:
|
||||
|
||||
```
|
||||
$ ./targets/admins/tf.sh apply
|
||||
```
|
||||
|
||||
Deploying hetzner machine:
|
||||
|
||||
```
|
||||
$ ./targets/nixos-wiki.nixos.org/tf.sh apply
|
||||
```
|
||||
|
||||
## Updating NixOS server
|
||||
|
||||
```
|
||||
$ ./targets/nixos-wiki.nixos.org/deploy.sh
|
||||
```
|
||||
|
||||
## FAQ:
|
||||
|
||||
### When logging in with "GitHub auth", the app shows "Act on your behalf" as a permission.
|
||||
|
@ -1,7 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
cd "$(dirname "$0")"
|
||||
rm -f .terraform.lock.hcl
|
||||
tofu init -backend-config="password=$GITLAB_TOKEN" -backend-config="username=$GITLAB_USER"
|
||||
tofu apply "$@"
|
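--- a/targets/admins/secrets/terraform-passphrase
+++ b/targets/admins/secrets/terraform-passphrase
@@ -0,0 +1,24 @@
+{
+"data": "ENC[AES256_GCM,data:P4EZ4ScncJrYcLzsnCcM7pVrnxRo9VoODCaYgkHKxb+qYWJ43+3TXyl1,iv:HbtiEPvFGxBlwDlblg6bZG1iaD09G710j5sekIt4ds0=,tag:yZSW14Fhxt23We8pS4MMvQ==,type:str]",
+"sops": {
+"kms": null,
+"gcp_kms": null,
+"azure_kv": null,
+"hc_vault": null,
+"age": [
+{
+"recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudnUvU2ZYaHZHOGE3OGx6\nS1lEMEcvSkN4ckdsZVZ4bmE4UEszQ3Z3QjFFCk9UdDF2eEs1eTBjTzVycCt4TGdQ\nV2k2WXVSVmlXTXNTQUxqNG5kNzMyemcKLS0tIE5mS1hoQVZpei9kOUFWWVpDR042\nM3Z5NDIwcXRiRkVtdDQreCthRWJleVkKX54ywhOwlcG7Pr00SK7bXMvyJumIiheN\n5VBTjIjT4UHte5juuPPKcVjKnRJwGBFElUhLpClxCznEQNqFC4nkXQ==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcDBvNVIxdmpKWnRzRHYx\neVBsd3hmcGZHWm1jYVBCcW5CRDZHYXEwalcwCk05VExaUW5RVnV6Ui90RXdndFkx\nQVUvS0pqUEMwUUo3bmtPNHdMdVdBaTgKLS0tIDVVUWFISXZCZi8wNk1JdENLZjJ6\nZHVYQlpWWEZpa3JSai9XRnc0aTVkUlkKCNKv/IsvZR8w5ESQjNJ4BSv+ZBJzRp60\nM0L8RNoiYp/lJVMJTEGx8dQG6ukQck8k/zBGFe7MtdNyZ1bDFEV4Vw==\n-----END AGE ENCRYPTED FILE-----\n"
+}
+],
+"lastmodified": "2025-03-22T07:07:01Z",
+"mac": "ENC[AES256_GCM,data:gTYWEaD2zTM/KtnzBmMFH7JUgvz9VpfFLNAd4cjC0lrgy0ZbgbBQdx6O6qGsWdxtn+NA0i4edXtveBT+uNlVTIXMTK+dX1kwWAXMATgTjGh7PqMndelT/V8Vc88nq0pBJCmr96lpe/Ocp1l6owrb9DJbL2uFAvycuEZA5Va1v+o=,iv:MCo8JeeWGmVHTC8YMALKnZsleJil6gRWfGWSsyou0wk=,tag:ugPHpgwkdvbdxiKI02wDfA==,type:str]",
+"pgp": null,
+"unencrypted_suffix": "_unencrypted",
+"version": "3.9.0"
+}
+}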
@ -1,11 +1,19 @@
|
||||
variable "passphrase" {}
|
||||
|
||||
terraform {
|
||||
backend "http" {
|
||||
address = "https://gitlab.com/api/v4/projects/45776186/terraform/state/admins"
|
||||
lock_address = "https://gitlab.com/api/v4/projects/45776186/terraform/state/admins/lock"
|
||||
unlock_address = "https://gitlab.com/api/v4/projects/45776186/terraform/state/admins/lock"
|
||||
lock_method = "POST"
|
||||
unlock_method = "DELETE"
|
||||
retry_wait_min = "5"
|
||||
encryption {
|
||||
key_provider "pbkdf2" "mykey" {
|
||||
passphrase = var.passphrase
|
||||
}
|
||||
|
||||
method "aes_gcm" "encrypted" {
|
||||
keys = key_provider.pbkdf2.mykey
|
||||
}
|
||||
|
||||
state {
|
||||
method = method.aes_gcm.encrypted
|
||||
enforced = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -13,7 +21,7 @@ module "wiki" {
|
||||
source = "../../terraform/admins"
|
||||
ssh_keys = {
|
||||
mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
|
||||
mic92-macos = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCsjXKHCkpQT4LhWIdT0vDM/E/3tw/4KHTQcdJhyqPSH0FnwC8mfP2N9oHYFa2isw538kArd5ZMo5DD1ujL5dLk= ssh@secretive.Joerg’s-Laptop.local"
|
||||
mic92-macos = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCsjXKHCkpQT4LhWIdT0vDM/E/3tw/4KHTQcdJhyqPSH0FnwC8mfP2N9oHYFa2isw538kArd5ZMo5DD1ujL5dLk="
|
||||
lassulus = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIb3uuMqE/xSJ7WL/XpJ6QOj4aSmh0Ga+GtmJl3CDvljGuIeGCKh7YAoqZAi051k5j6ZWowDrcWYHIOU+h0eZCesgCf+CvunlXeUz6XShVMjyZo87f2JPs2Hpb+u/ieLx4wGQvo/Zw89pOly/vqpaX9ZwyIR+U81IAVrHIhqmrTitp+2FwggtaY4FtD6WIyf1hPtrrDecX8iDhnHHuGhATr8etMLwdwQ2kIBx5BBgCoiuW7wXnLUBBVYeO3II957XP/yU82c+DjSVJtejODmRAM/3rk+B7pdF5ShRVVFyB6JJR+Qd1g8iSH+2QXLUy3NM2LN5u5p2oTjUOzoEPWZo7lykZzmIWd/5hjTW9YiHC+A8xsCxQqs87D9HK9hLA6udZ6CGkq4hG/6wFwNjSMnv30IcHZzx6IBihNGbrisrJhLxEiKWpMKYgeemhIirefXA6UxVfiwHg3gJ8BlEBsj0tl/HVARifR2y336YINEn8AsHGhwrPTBFOnBTmfA/VnP1NlWHzXCfVimP6YVvdoGCCnAwvFuJ+ZuxmZ3UzBb2TenZZOzwzV0sUzZk0D1CaSBFJUU3oZNOkDIM6z5lIZgzsyKwb38S8Vs3HYE+Dqpkfsl4yeU5ldc6DwrlVwuSIa4vVus4eWD3gDGFrx98yaqOx17pc4CC9KXk/2TjtJY5xmQ== lass@yubikey"
|
||||
}
|
||||
}
|
||||
|
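Review bot: `variable "passphrase" {}` is declared without `sensitive = true`, so tofu treats the state-encryption passphrase as an ordinary value wherever it renders variables; adding `type = string` and `sensitive = true` inside the block avoids that. The `encryption` block also covers only `state`, so a plan saved with `tf.sh plan -out=FILE` is written to disk unencrypted even though it embeds state data; a sibling `plan` block with `method = method.aes_gcm.encrypted` and `enforced = true` closes that gap. Both points apply equally to the nixos-wiki target's configuration in the later `@ -1,11 +1,19 @` hunk, where the method is named `method.aes_gcm.sops`. Because the state file is now committed to the repository, its confidentiality rests on the passphrase alone, so it should be a long random value rather than a memorable one.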
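--- a/targets/admins/terraform.tfstate
+++ b/targets/admins/terraform.tfstate
@@ -0,0 +1 @@
+{"serial":9,"lineage":"3265db60-4d7e-1839-3f2a-95a55af48ec9","meta":{"key_provider.pbkdf2.mykey":"eyJzYWx0IjoiMERvcEcrOXpjbC9WQndwVzd1dDRhdkRFZVNEbTc3MGpSeERocTNGMStVMD0iLCJpdGVyYXRpb25zIjo2MDAwMDAsImhhc2hfZnVuY3Rpb24iOiJzaGE1MTIiLCJrZXlfbGVuZ3RoIjozMn0="},"encrypted_data":"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","encryption_version":"v0"}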
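--- a/targets/admins/tf.sh
+++ b/targets/admins/tf.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+cd "$(dirname "$0")"
+rm -f .terraform.lock.hcl
+TF_VAR_passphrase=$(sops -d ./secrets/terraform-passphrase)
+export TF_VAR_passphrase
+tofu init
+tofu "$@"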
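Review bot: `rm -f .terraform.lock.hcl` ahead of `tofu init` discards the provider version and checksum record on every run, and `.gitignore` keeps the file out of the repository, so each init trusts whatever provider build it resolves at that moment. If the providers are pinned elsewhere (for example by the Nix environment this repository uses, which is not visible here), a comment such as `# lock file intentionally discarded: providers are pinned outside tofu` would make that explicit. Otherwise I would drop the `rm`, un-ignore the lock file and commit it. The same line appears as context in the nixos-wiki tf.sh hunk at the end of the page.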
@ -1,8 +1 @@
|
||||
{
|
||||
"ipv6_address":"2a01:4f9:c012:8178::1",
|
||||
"ssh_keys": [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine",
|
||||
"ssh-rsa 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 lass@yubikey",
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImw0Xc1buEQ9WOskyGGeg3QwdbU7DTUQBiu02fObDlm jfly"
|
||||
]
|
||||
}
|
||||
{"ipv6_address":"2a01:4f9:c012:8178::1","ssh_keys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine","ssh-rsa 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 lass@yubikey","ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCsjXKHCkpQT4LhWIdT0vDM/E/3tw/4KHTQcdJhyqPSH0FnwC8mfP2N9oHYFa2isw538kArd5ZMo5DD1ujL5dLk="]}
|
@ -8,19 +8,15 @@
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1anplUWVpTDNXMUNYQlhn\nTklOc1FGQTV4T0tVeURTdnZISjV6azYvZFFBClB6Q3JncXRZTE1TclVkazFscng1\ncFVzYUNSKy82N0ZkQWFmb2IvU2p1WWsKLS0tIHd2SU1jRFlQN284RjRpMjVuZHZ0\nc24zUldEWW5jZUIzSjI0VzBTaU9rZ1UK1N1G5EWy6uisnUoBQmUpINIyN+f1/vnX\nTrHn8uHcydiM6wZyAxzdwOV53HWxZ8m4MQTS0CXa2S/z+HGRkTsotg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6OGV1YTZ5NkRWVUMvUHQw\nbERhTDBIME0rNWJCSGJ1allNbFJEbXRld2t3CmNkdlF4bTVYRDduOTFoTDlIU3F2\nSC9ISjJzMDhkMjN6ZUVYeW8xNFhHa0UKLS0tIC9DOG5KMEJkNkRWaGdmaGl6Mmxp\nYmRoRkJ1UkJlQ2h4NHkreGdwcy9QN3MKoj4Np/hIBOMOuSTwUypw+n9NTbABbrbY\nUWAivOBLGXjrg73gyCYhiPihbpjzhxyaWrkDyhDYE6LxJgqrqkUGJw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjQk1xV1c0VVpqS1NnTERi\nc1pnMkV1ODRrS0dScTBrTUFreG40bGxseUZZCkJ3elVYWkJoaWNSOEE1cFRTUnIr\nejNsK21MTlRJRGxVdmVPeHljcEY3R0kKLS0tIE1HZEl1WlRVejNMWXo2bzFmcnZF\nblpiNU0vT25kV3l1dUFWSzVMVzZlZkUKdlDDCfVRNSDLPFQIGBCLhTSCxs2sZm+C\nBse6v+LRWrgIs0XwJY2Hf4XlZgnnEYw896sSgBz8opeQ4g4mf0Lfuw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age109qksyjgdnf7elnk98dh4vtxt0epju7xjemlqng0j0x75st5zg9qm9h3hy",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4clM2N3M2SzdPdHRsTGV1\nS1FYV3J1T2Yxa1o3RWlBS3ZReHpQS2dYZFVVCkFrWDNDU2JXaWxDTXN6ckxZLy9H\ndWMvTEZ5WmlKNVFsR2gySzR5ZXlTUmMKLS0tIGtXZUhuUFFtbnVHc0J0d2NiNEE3\nSTRSemtSZHNNYTZsM2R2dFZ1NDBrMlEKINJTmtgKvIPewfGc4cJbMUkyLpr05FqO\ni2D+orxThR9EOiEQkqyDZVnyXV5EKi0X6voArlYonGnON+ixvIVXfA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ2VtZzZNeU1MbG9YaU1C\nSEMrSGExNUFCbXpCblltYTZoZCtxcThXQldNCjJKMjVPTmQwUjhZbGg2NlJXRndH\nT3JBSUllNS9JUFo2T1N5Q1RHdS8yZkEKLS0tIDZOVGxjQkZyK0ZKWEVoQ1Y0RTA2\nVDNLVWxiQkJzSCsrZ3NiMGhUY0p3SGMKm0aff8HWwgRBX4TTnWDxozP34e06XHqe\n3zV9tf3b4D8A+kGrIUFH8cDwonZFI/UzmLYGMwTdR6pQY2nqFQ/yHQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1p3dl7q5ahjdhl3g72mqk9pxy3gcptw9dqmg6syq9f9s03ppqp4rsqm93n2",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIdnlLdE5EWlVLOGg3UllH\nVGU1YnFXSGhhbTA4YzEzRzVjY2lOOXBqU3g4CkRkM2E3WGt0TFBiOEo1TzlKSlZ5\nWXNOVXRqR0c2SUJCSUpLV2VVSUVNNkkKLS0tIGE2SVVsRUZ1WE9MV2xQdDI4Q0pS\neVVOeTFqM0Nna1JiWWIwUFVaMlpiMEUKR+uMYSznyF/96fASHi2PUMy/cN9BSriN\nR0Bur8eEOWTPjOWh6s409SQU0nSDxDxpL0b9ew7uMM9+Fdig7R8IzA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByNUhrR21TOWM0NmNCMXZn\nRnYyZWxzUStTMVEvNm9Rd1V3WkhGa2IzTFhjCmtmRlFjTjZDNkFKQnZ5UU4rOFRM\nTzZUdUVpejdwbGtzNlVHWUI5WlV0ak0KLS0tIFRVcnc4NDVtcnFVbmZ0cVRwdUZa\neGcxcjNXNVJrUFdHdkVYdzdWK3hHY2MKl3HLaFYSNIPTrwj1dYnmZd59cRxMAQUe\n49h+r9F5W/zxyRaJuIYcR4XeQ1hmoclW9/7Sfri9Wb9QCmisGpwWqA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-02-17T16:29:00Z",
|
||||
|
@ -8,19 +8,15 @@
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4c3pEOWR0Zi8yU0FGNWQx\nL3A3Y3Y3TXFFdFBNdmJxV3h3WUIxaFZQcHg4CkM0Mkg0SGdTK3U0Z2RDSUNPLzNa\na05uZ3VlbzBxR1FibVVZa0xZTDRrYVUKLS0tIEUrR3RBdjRKRUdIMm5rUUdEajFN\nSHI4anZRa2g4U2E4enJZdDR6RlNoajAKA01UMRoBgwNtha7W05xK+hYJY6oaVvF8\n9v0oi6a+ZONaboHFmiNK89ojCaI/xmtciRXwIpiZnJeAq5OlUyeuqw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNZWQwVVM1VWVuU3BCMTdG\nK002ZENmcG03OWdsbFV0VXVodjJmeWVoOTJNCktaVEU1Z3owMStpYTl5WVpaSkpL\nLzNHRjNSeWJVbm9PWUNmTHFzUWkxemMKLS0tIGk0TjJNMmx5Ukxqc2wvb1YzVEUr\nYUE5ZkZXWkdRYXk0ZnE3YXVKNWdUaGsKaz3aAsi1J4/A/2CWIpYpa+mXjlnmreUZ\nkhxF8FB7YWAyKtlunu/IfhmO2eNX4yB4jixCcGSrOaBjiIsvHEmRPw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNktTT3FTSzFRWjhxN0xt\ncklXZmRITDkzaDRtaCtmOWxYWlkrcUlIclNJCjVjeDd0Q3l2ZVRwM2duV3p6Wk5r\nOU9ZNnZ3SVQyTHJDb2FVVW5lQnNiTk0KLS0tIDZvOWROODZGUmw0RUh4YXowTnA0\nTHhyTFo1elZUU1JOVDczd1BGZ2lqZXMKrnwColUqyXHwMwT8hRD0yOzqKu0CINJN\n9ileAN3OTZfjEbfj8Ay9QNEG6ZyytWvsuoC71CsD6W8A7goURgeDZA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age109qksyjgdnf7elnk98dh4vtxt0epju7xjemlqng0j0x75st5zg9qm9h3hy",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrYVJiUTdGQnBrRG5PeFAy\nc2tQOGEwRG94LzJ3ZG5FczdRT1ZQU1pockNBCklMeGh1N0lkY2VkNVVxaXV6THJW\nVlhMS1M2U29qRHgxc1JBWFlnbWNpMjgKLS0tIExzOGVyeS9Qd3A4VzVWWERZZTJj\nSDNiUXh0SFh5TzhYcXl0cDFWMGJVWUUKgeik/hYj3WgmqEh2+Rw4GSHsX3ZnipOm\nuVpoBGcy5S45i6nzA7NVFH2cWUyxuSx6pzRftEEDI4/p+rJoo9K5gQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMGFEN3A0dnQ0a0JkU3hv\nUzRmVE1UZDlITnFEeXlpdG11cnpNUWo1K3pNCnlUcTdMSDQrNEVBOUV5WEZiVmp2\nSXlMMHlDL1dCWnZpNWZrSkNjN1k3d2sKLS0tIE9mSy84N3U5blhkQUFuemt5UzhQ\ndTVsVktvSlN5OGRGWHpKMzZxOXVWb0kK1ZzqmeYTfCqGcn+2M9oFUh2YS2ZifHdZ\nhw979F23r4W5eUxiKfhuXClZDXMR1wjOPFvP/vk65s6tIapNE52W9Q==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1p3dl7q5ahjdhl3g72mqk9pxy3gcptw9dqmg6syq9f9s03ppqp4rsqm93n2",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSWttMm9oNDREYUduMVRP\nMVdKclhieG5SK01JcUF6STkzcmx3SDJxamhjCmJSdm9YSjduMnNKNlVhQlRDbzVi\nK0I1dE4zbmNHajZvVFRRcGNaOWY2UVUKLS0tIG9WKzZKQm5ob0VUVjRQdWIwd3Iy\neEpJQWxTOFdLTnhHV2dwUTMxam9WdTAKC6SFo+qZRHedKKg/nK5E3qO+nMQgYOiJ\nnw4HqD81zXrLbzoPCPfrfcqnFMFFAlPVoWMvG8UTO2YxOJlLjsRaQw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdGt2bmt3elQ2d25OSzVZ\nbWc0RGxVN01KWHhxUkk5YXNQbkNIZkQzOXc4Cm5TOER5L0RmbmhSRzMzVERabTdw\nMDJYZWxTUjJJTG9vOFAxNjVtcE9wbUUKLS0tIEdrLzN2TkhDNkhISE1jeWtySUNx\nSG9BWXg4ei9aSXRubTdHWWVSVmZFNUEKqr5uZ0Da1GKHE/ITP2cHFsLNf6p54Vxd\neE/aubkHsWBH7LvfRbx9n3HUbTIKX769k8JQzRtZVcsCGFSTJDlb0A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-02-17T16:32:53Z",
|
||||
|
@ -11,38 +11,29 @@ sops:
|
||||
- recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5bTM3cDN5clprd0JENXpB
|
||||
RmJHYm8zak8xa21LYVhTS2VTVTg5akRyb3lnCnpPU05KTHhtVG9hMlYyMDhIbzd1
|
||||
NkpOck5SUTNJZkdNUFVyb2x3RGdYQkUKLS0tIGRORUVXWHNDZXF0bmtHaDlqZHU4
|
||||
UWJ2Z2VLSDBXQXBmaW4zeWU2NUt1Q1UKbb0V/aQ0gukeN/F+nDVzAQI79X7bNZtQ
|
||||
Cy8JZh8+NCXx9IYDQHbsvVsq//M69UO1WJjqiAIOa/LUOtytcJ3FOw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaXBJT0VHb2p2YmlZUi9n
|
||||
NGJJZ2E2V1Q0bGdSVVFCOGlWSFpUblR1RDM4CmRiMTdFSXh5YW9PRDVuY2VVKzg3
|
||||
czArTnRvaVNLRFBxcXVMdVlCT1h1ckkKLS0tIDBQNVhBdm1DVFZZK3EvVTlSYXNP
|
||||
RWdtU2c5VzZMRDBYMWtQSkxaVjR1dFUKfmXTFZANe01r9DYuzDxFBE5cUG5G+FDO
|
||||
QLhMAQ1gRo0Aqa+YD7fhk73uFQo7jysED2QMRvKkpk57wrbdE/SpRA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NXdnRUtWQWFWWGJuUzZS
|
||||
ZGdPRGw5Qms3Mjh5N05aREFNWFloOWF4QTBrCnBIY2RDaTd0TE5ydTMyQzU5bitn
|
||||
eWI3OHZLTWhRWThJVjVGcElLN3lWS2sKLS0tIFVPSWVrTXBib3M0OThhV2x0eXJF
|
||||
TFgyV01iWk5RQXQzLzlna1NEd1MwWncKiZHoBrCZq2qfZIm+jbsv14QTvD5owODz
|
||||
bLnTzQ7O3TIEsyuNXlpIeNjTZXEcSmRj981WScxTYvEwy9vcJq/6+w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age109qksyjgdnf7elnk98dh4vtxt0epju7xjemlqng0j0x75st5zg9qm9h3hy
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdUVSNGdTcDQycEpvMkVz
|
||||
VlJlZkZ2M043azhMa3o4U1hxOGcvbUxEejN3CnAvN0ZuUDJtRzVGMHNteDVaY0Jr
|
||||
UTJyVjlKNFFETlFWbU80R0YxREF1Y2MKLS0tIFVwUFo0RHU1TEJuQ1RNY2pXZnUz
|
||||
VjlCN2NnQnIzcHpvU0IwQmgwWFprYTgKaWBhrnch+ufylR4a0Lhc+fB8D2Q/NJ6p
|
||||
bpxZK0wwlOgv7ZB0l9x4sJUq9gRpLYTinx0Rr2C/SlkOOIEzx0TbJA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIbG9oZ3E2VE9PaHQyemZO
|
||||
bTdwdkp1dDJXZWpNK3VOd1U4b2IzOUlHZVNNCnBBdk9FRWtIcXRSQzl0dDZZbnRD
|
||||
dVl1dDI4ZXVYT3JBVWtTOE9vYVBlRVUKLS0tIEFUWWFaU3BKb2tCeHYxc1IzSEhM
|
||||
U1g0ZnYzWU1pUXNvVWp2UkRnU2xISkkKrnk4x8fpHeRGhCh2VzG9Se6Ka6+/iBrW
|
||||
BdPVtT97nWIW7viVO7zioYXdnWp3m2JUbu9BF9bc9AdP6Lxz4mEMGA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1p3dl7q5ahjdhl3g72mqk9pxy3gcptw9dqmg6syq9f9s03ppqp4rsqm93n2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcFFiMklwQW9nQlpqUjNW
|
||||
cDc3Z2tVUVBzWTNlcFJ4YkZzcmw4NzZDU1JZClRmQmdGaElCWTRuSCtsZVpjTUk0
|
||||
SFNRY0FGeEx6NkxlWHNtTWxQUzlKajQKLS0tIExCUXFXMWZTVk1CTHVxUzBhYmM0
|
||||
NzdoVWR3TlBrZHYzYzBKelc0UTRvbUkK6O1Lpi6hcMHyFA3E8yJO+1LkXR/10xnW
|
||||
ViKILGcsw4AdsRGNL5fHxQECR11WsEARetpX5GlixC0lvS/Til8YWA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmV05Tdndqcnc3bk8wbSt0
|
||||
M09nTFpLN05QMGhGSW5YU0o3Y2xIV3p4SkdrCk90VUFHK2x3bXk5ZGFFdCtCR1Z1
|
||||
YnZwTndOck5HTmpWcTlqYm5yTU9wVjQKLS0tIGM3UUFtek5TTkI1bFdNbzMrYUxi
|
||||
N3daQU9HZXNpblpRYW43TmNXN3RFMVUKudJWBDpnk2ImA5f1VtuupUJU7bFTm8P/
|
||||
kkQItnpA1nPGzVUUpHuN/31YqKTnKs/tW1V+IArR/Dl/4eo9tATmLg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-03-06T19:07:50Z"
|
||||
mac: ENC[AES256_GCM,data:I8eH+R1DREziItvmEO+/vNM0NdR7Aq9Ob6AeyJ47JDabfkDM0ihwO8uz/WMHVyQ0FSwVDXj29VzcQZyYCEi6YIz6LV0sMbuOOC8Na26/O4GQ5rHIPD1J2li+qsKDNOgLfkyNZFUJXqXkrbX8hwiytM+Hda+xAYqfQGN/2S3jipM=,iv:wGP41trqYl9nYHYOKu4bPANnA+lsuDsxq78Qq8io70M=,tag:3f9sH171Dxys5fNphTgjbg==,type:str]
|
||||
|
@ -1,11 +1,19 @@
|
||||
variable "passphrase" {}
|
||||
|
||||
terraform {
|
||||
backend "http" {
|
||||
address = "https://gitlab.com/api/v4/projects/54760013/terraform/state/nixos-wiki2.thalheim.io"
|
||||
lock_address = "https://gitlab.com/api/v4/projects/54760013/terraform/state/nixos-wiki2.thalheim.io/lock"
|
||||
unlock_address = "https://gitlab.com/api/v4/projects/54760013/terraform/state/nixos-wiki2.thalheim.io/lock"
|
||||
lock_method = "POST"
|
||||
unlock_method = "DELETE"
|
||||
retry_wait_min = "5"
|
||||
encryption {
|
||||
key_provider "pbkdf2" "sops" {
|
||||
passphrase = var.passphrase
|
||||
}
|
||||
|
||||
method "aes_gcm" "sops" {
|
||||
keys = key_provider.pbkdf2.sops
|
||||
}
|
||||
|
||||
state {
|
||||
method = method.aes_gcm.sops
|
||||
enforced = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
1
targets/nixos-wiki.nixos.org/terraform.tfstate
Normal file
1
targets/nixos-wiki.nixos.org/terraform.tfstate
Normal file
File diff suppressed because one or more lines are too long
@ -4,5 +4,7 @@ set -euo pipefail
|
||||
cd "$(dirname "$0")"
|
||||
rm -f .terraform.lock.hcl
|
||||
nix build .#checks.x86_64-linux.test -L
|
||||
tofu init -backend-config="password=$GITLAB_TOKEN" -backend-config="username=$GITLAB_USER"
|
||||
tofu apply "$@"
|
||||
TF_VAR_passphrase=$(sops -d ../admins/secrets/terraform-passphrase)
|
||||
export TF_VAR_passphrase
|
||||
tofu init
|
||||
tofu "$@"
|
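Review bot: The wiki state ends up encrypted under the same passphrase as the admins state, because `sops -d ../admins/secrets/terraform-passphrase` reads the admins secret, and the `.sops.yaml` rule for `targets/admins/secrets` shown on this page lists only joerg and lassulus as recipients. The other recipients of the wiki's own secrets (julienmalka and nixos-wiki2 in the files on this page) will have `sops -d` fail here, and a leak of the one passphrase exposes both state files. If that coupling is intended, a comment like `# wiki state shares the admins passphrase; only admins can run tofu here` would document it; otherwise give this target its own passphrase under its `secrets/` directory. The `+`/`-` markers are lost on this page, so this assumes the `TF_VAR_passphrase` lines are the new side.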