various updates

.envrc.private-template

@@ -2,8 +2,5 @@
 export GITLAB_USER=<your-gitlab-username>
 export GITLAB_TOKEN=<your-gitlab-token>
 
-# https://app.netlify.com/user/applications#personal-access-tokens
-export NETLIFY_TOKEN=<your-netlify-token>
-
 # https://console.hetzner.cloud/projects/2356507/security/tokens
 export HCLOUD_TOKEN=<your-hetzner-token>

flake.nix

@@ -45,17 +45,20 @@
         };
         packages.default =
           pkgs.mkShell {
-            packages = [
+            packages =
-              pkgs.bashInteractive
+              let
-              pkgs.sops
+                halalify = drv: drv.overrideAttrs (_old: { meta = _old.meta // { license = lib.licenses.free; }; });
-              (pkgs.opentofu.withPlugins (p: [
+              in
-                p.netlify
+              [
-                p.hcloud
+                pkgs.bashInteractive
-                p.null
+                pkgs.sops
-                p.external
+                (halalify (pkgs.terraform.withPlugins (p: [
-                p.local
+                  p.hcloud
-              ]))
+                  p.null
-            ];
+                  p.external
+                  p.local
+                ])))
+              ];
           };
 
         checks =

modules/nixos-wiki/default.nix

@@ -55,8 +55,8 @@ in
       }; # Github login
       extensions.ConfirmEdit = null; # Combat SPAM with a simple Captcha
       extensions.StopForumSpam = pkgs.fetchzip {
-        url = "https://extdist.wmflabs.org/dist/extensions/StopForumSpam-REL1_41-0abdc44.tar.gz";
+        url = "https://extdist.wmflabs.org/dist/extensions/StopForumSpam-REL1_41-73c94fb.tar.gz";
-        hash = "sha256-FLaL8ztlJtUPh76/3WCFPKuH2+gjz1paaWWZ8pu66hA=";
+        hash = "sha256-UVRKDqgg4abj5gnbx8fytkkOeEwC+o68SEYlG4WFrcU=";
       };
 
       extraConfig = ''

targets/admins/apply.sh

@@ -1 +0,0 @@
-../staging.nixos-wiki.thalheim.io/apply.sh

targets/admins/apply.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+rm -f .terraform.lock.hcl
+terraform init -backend-config="password=$GITLAB_TOKEN" -backend-config="username=$GITLAB_USER"
+terraform apply
+

targets/admins/terraform.tf

@@ -10,7 +10,7 @@ terraform {
 }
 
 module "wiki" {
-  source = "../../modules/admins"
+  source = "../../terraform/admins"
   ssh_keys = {
     mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
     julien = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"

targets/nixos-wiki2.thalheim.io/nixos-vars.json

@@ -1 +1 @@
-{"ipv6_address":"2a01:4f9:c012:afb9::1","ssh_keys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"]}
+{"ipv6_address":"2a01:4f9:c012:4fe3::1","ssh_keys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"]}

targets/nixos-wiki2.thalheim.io/terraform.tf

@@ -1,8 +1,8 @@
 terraform {
   backend "http" {
-    address        = "https://gitlab.com/api/v4/projects/45776186/terraform/state/nixos-wiki2.thalheim.io"
+    address        = "https://gitlab.com/api/v4/projects/54760013/terraform/state/nixos-wiki2.thalheim.io"
-    lock_address   = "https://gitlab.com/api/v4/projects/45776186/terraform/state/nixos-wiki2.thalheim.io/lock"
+    lock_address   = "https://gitlab.com/api/v4/projects/54760013/terraform/state/nixos-wiki2.thalheim.io/lock"
-    unlock_address = "https://gitlab.com/api/v4/projects/45776186/terraform/state/nixos-wiki2.thalheim.io/lock"
+    unlock_address = "https://gitlab.com/api/v4/projects/54760013/terraform/state/nixos-wiki2.thalheim.io/lock"
     lock_method    = "POST"
     unlock_method  = "DELETE"
     retry_wait_min = "5"
@@ -11,7 +11,6 @@ terraform {
 
 module "wiki" {
   source           = "../../terraform/nixos-wiki"
-  netlify_dns_zone = "nixos-wiki2.thalheim.io"
   domain           = "nixos-wiki2.thalheim.io"
   nixos_flake_attr = "nixos-wiki2-thalheim-io"
   nixos_vars_file  = "${path.module}/nixos-vars.json"
@@ -21,3 +20,11 @@ module "wiki" {
     Target    = "nixos-wiki2.thalheim.io"
   }
 }
+
+output "ipv4_address" {
+  value = module.wiki.ipv4_address
+}
+
+output "ipv6_address" {
+  value = module.wiki.ipv6_address
+}

terraform/nixos-wiki/dns.tf

@@ -1,18 +0,0 @@
-resource "netlify_dns_zone" "nixos" {
-  site_id = ""
-  name    = var.netlify_dns_zone
-}
-
-resource "netlify_dns_record" "nixos_wiki_a" {
-  zone_id  = netlify_dns_zone.nixos.id
-  hostname = var.domain
-  type     = "A"
-  value    = hcloud_server.nixos_wiki.ipv4_address
-}
-
-resource "netlify_dns_record" "nixos_wiki_aaaa" {
-  zone_id  = netlify_dns_zone.nixos.id
-  hostname = var.domain
-  type     = "AAAA"
-  value    = hcloud_server.nixos_wiki.ipv6_address
-}

terraform/nixos-wiki/main.tf

@@ -41,3 +41,11 @@ locals {
     ssh_keys     = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.public_key
   }
 }
+
+output "ipv4_address" {
+  value = hcloud_server.nixos_wiki.ipv4_address
+}
+
+output "ipv6_address" {
+  value = hcloud_server.nixos_wiki.ipv6_address
+}

terraform/nixos-wiki/providers.tf

@@ -1,6 +1,5 @@
 terraform {
   required_providers {
-    netlify = { source = "AegirHealth/netlify" }
     hcloud  = { source = "hetznercloud/hcloud" }
     local   = { source = "hashicorp/local" }
   }

terraform/nixos-wiki/variables.tf

@@ -1,6 +1,6 @@
 variable "server_type" {
   type        = string
-  default     = "cx21"
+  default     = "cpx21"
   description = "Hetzner cloud server type"
 }
 
@@ -10,11 +10,6 @@ variable "server_location" {
   description = "Hetzner cloud server location"
 }
 
-variable "netlify_dns_zone" {
-  type        = string
-  description = "Netlify DNS zone"
-}
-
 variable "nixos_vars_file" {
   type        = string
   description = "File to write NixOS configuration variables to"