From c10124a786d016e11080576a04da7382e0d9cea4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sun, 14 May 2023 18:18:38 +0200
Subject: [PATCH] move ssh keys to its own target

---
terraform/modules/admins/main.tf | 8 ++++++
terraform/modules/admins/providers.tf | 5 ++++
terraform/modules/admins/variables.tf | 5 ++++
terraform/modules/wiki/main.tf | 26 +++++++++----------
terraform/modules/wiki/variables.tf | 5 ----
terraform/targets/admins/apply.sh | 1 +
terraform/targets/admins/terraform.tf | 17 ++++++++++++
.../nixos-wiki.thalheim.io/terraform.tf | 3 ---
.../terraform.tf | 3 ---
9 files changed, 48 insertions(+), 25 deletions(-)
create mode 100644 terraform/modules/admins/main.tf
create mode 100644 terraform/modules/admins/providers.tf
create mode 100644 terraform/modules/admins/variables.tf
create mode 120000 terraform/targets/admins/apply.sh
create mode 100644 terraform/targets/admins/terraform.tf

diff --git a/terraform/modules/admins/main.tf b/terraform/modules/admins/main.tf
new file mode 100644
index 0000000..5245e8b
--- /dev/null
+++ b/terraform/modules/admins/main.tf
@@ -0,0 +1,8 @@
+resource "hcloud_ssh_key" "hcloud" {
+ for_each = var.ssh_keys
+ name = each.key
+ public_key = each.value
+ labels = {
+ "wiki" = "true"
+ }
+}
diff --git a/terraform/modules/admins/providers.tf b/terraform/modules/admins/providers.tf
new file mode 100644
index 0000000..5e660df
--- /dev/null
+++ b/terraform/modules/admins/providers.tf
@@ -0,0 +1,5 @@
+terraform {
+ required_providers {
+ hcloud = { source = "hetznercloud/hcloud" }
+ }
+}
diff --git a/terraform/modules/admins/variables.tf b/terraform/modules/admins/variables.tf
new file mode 100644
index 0000000..c09e2be
--- /dev/null
+++ b/terraform/modules/admins/variables.tf
@@ -0,0 +1,5 @@
+variable "ssh_keys" {
+ type = map(string)
+ description = "SSH public keys for admin user (name -> key)"
+}
+
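Review bot: `name = each.key` registers every admin key under its bare map key, while the wiki module used to register the same public keys as `${var.domain}-${each.key}`; Hetzner Cloud refuses a second key with an identical fingerprint (a `uniqueness_error`, if I remember the API correctly), so applying this target before the wiki targets have destroyed their own `hcloud_ssh_key.hcloud` resources should fail for every key that is still registered. The required apply order is not written anywhere in the patch; a comment above the resource such as `# Apply only after the wiki targets have dropped their per-domain hcloud_ssh_key resources: Hetzner rejects duplicate key fingerprints.` would save the next operator a failed plan. The `"wiki" = "true"` label is the only link to the consumer in modules/wiki; naming that consumer next to the label, e.g. `# matched by data.hcloud_ssh_keys.nixos_wiki (with_selector = "wiki=true") in modules/wiki`, keeps the two files from drifting apart.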
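Review bot: `hcloud = { source = "hetznercloud/hcloud" }` carries no `version` constraint, so a fresh `terraform init` in the new admins target resolves to whatever provider release is latest at that moment unless a `.terraform.lock.hcl` is committed next to it, and none is part of this patch. Pinning with `hcloud = { source = "hetznercloud/hcloud", version = "<same constraint as the wiki module>" }` keeps both modules on one provider line and makes the label/selector behaviour the wiki module now relies on reproducible across machines.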
diff --git a/terraform/modules/wiki/main.tf b/terraform/modules/wiki/main.tf
index de940fb..cef9e2b 100644
--- a/terraform/modules/wiki/main.tf
+++ b/terraform/modules/wiki/main.tf
@@ -1,8 +1,6 @@
 # Record the SSH public key into Hetzner Cloud
-resource "hcloud_ssh_key" "hcloud" {
- for_each = var.admin_ssh_keys
- name = "${var.domain}-${each.key}"
- public_key = each.value
+data "hcloud_ssh_keys" "nixos_wiki" {
+ with_selector = "wiki=true"
 }
 
 resource "hcloud_server" "nixos_wiki" {
@@ -10,7 +8,7 @@ resource "hcloud_server" "nixos_wiki" {
 keep_disk = true
 name = "nixos-wiki"
 server_type = var.server_type
- ssh_keys = [for k in hcloud_ssh_key.hcloud : k.id]
+ ssh_keys = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.name
 backups = false
 labels = var.tags
 
@@ -23,15 +21,15 @@ resource "hcloud_server" "nixos_wiki" {
 }
 }
 
-module "deploy" {
- depends_on = [local_file.nixos_vars]
- source = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
- nixos_system_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.toplevel"
- nixos_partitioner_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.diskoNoDeps"
- target_host = hcloud_server.nixos_wiki.ipv4_address
- instance_id = hcloud_server.nixos_wiki.id
- debug_logging = true
-}
+#module "deploy" {
+# depends_on = [local_file.nixos_vars]
+# source = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
+# nixos_system_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.toplevel"
+# nixos_partitioner_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.diskoNoDeps"
+# target_host = hcloud_server.nixos_wiki.ipv4_address
+# instance_id = hcloud_server.nixos_wiki.id
+# debug_logging = true
+#}
 
 locals {
 nixos_vars = {
diff --git a/terraform/modules/wiki/variables.tf b/terraform/modules/wiki/variables.tf
index fda1fbf..7accd12 100644
--- a/terraform/modules/wiki/variables.tf
+++ b/terraform/modules/wiki/variables.tf
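Review bot: `data "hcloud_ssh_keys" "nixos_wiki"` with `with_selector = "wiki=true"` returns an empty list until something labelled that way has actually been applied, and the second hunk feeds the result straight into `ssh_keys = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.name`; if `ssh_keys` is a ForceNew attribute on `hcloud_server` (it is in the provider versions I know), a plan run before the admins target exists would replace the server with one that has no root key injected at all. The lookup also widens the trust boundary from an explicit variable to "any key in the Hetzner project carrying wiki=true", so a precondition that at least one key was found makes the cross-target ordering fail at plan time instead of at the first SSH attempt. `precondition` needs Terraform ≥ 1.2 (the version constraint is not visible here), and it has to be merged into the resource's existing `lifecycle` block if there is one, since the resource body continues outside the hunk.
```hcl
  ssh_keys = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.name
  # … unchanged: backups, labels, nested blocks …

  # Fail the plan rather than build a server that nobody can log into.
  lifecycle {
    precondition {
      condition     = length(data.hcloud_ssh_keys.nixos_wiki.ssh_keys) > 0
      error_message = "No Hetzner SSH keys labelled wiki=true were found; apply terraform/targets/admins first."
    }
  }
```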
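Review bot: The `module "deploy"` block is commented out instead of removed, and neither the file nor the subject line ("move ssh keys to its own target") says why or for how long; dropping the module from the configuration also makes the next apply destroy whatever that module had recorded in state, which is unrelated to the key move and presumably not what the reader of this commit expects. A one-line reason above the block, `# deploy disabled while the SSH keys move to the admins target; re-enable once both targets are applied`, or a sentence in the commit message, would let the next reader tell a temporary workaround from an intentional removal.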
@@ -1,8 +1,3 @@
-variable "admin_ssh_keys" {
- type = map(string)
- description = "SSH public keys for admin user (name -> key)"
-}
-
 variable "server_type" {
 type = string
 default = "cx21"
diff --git a/terraform/targets/admins/apply.sh b/terraform/targets/admins/apply.sh
new file mode 120000
index 0000000..1bbce45
--- /dev/null
+++ b/terraform/targets/admins/apply.sh
@@ -0,0 +1 @@
+../staging.nixos-wiki.thalheim.io/apply.sh
\ No newline at end of file
diff --git a/terraform/targets/admins/terraform.tf b/terraform/targets/admins/terraform.tf
new file mode 100644
index 0000000..95d8475
--- /dev/null
+++ b/terraform/targets/admins/terraform.tf
@@ -0,0 +1,17 @@
+terraform {
+ backend "http" {
+ address = "https://gitlab.com/api/v4/projects/45776186/terraform/state/admins"
+ lock_address = "https://gitlab.com/api/v4/projects/45776186/terraform/state/admins/lock"
+ unlock_address = "https://gitlab.com/api/v4/projects/45776186/terraform/state/admins/lock"
+ lock_method = "POST"
+ unlock_method = "DELETE"
+ retry_wait_min = "5"
+ }
+}
+
+module "wiki" {
+ source = "../../modules/admins"
+ ssh_keys = {
+ mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
+ }
+}
diff --git a/terraform/targets/nixos-wiki.thalheim.io/terraform.tf b/terraform/targets/nixos-wiki.thalheim.io/terraform.tf
index aad3441..ef9a603 100644
--- a/terraform/targets/nixos-wiki.thalheim.io/terraform.tf
+++ b/terraform/targets/nixos-wiki.thalheim.io/terraform.tf
@@ -11,9 +11,6 @@ terraform {
 
 module "wiki" {
 source = "../../modules/wiki"
- admin_ssh_keys = {
- mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
- }
 netlify_dns_zone = "wiki.thalheim.io"
 domain = "wiki.thalheim.io"
 nixos_flake_attr = "nixos-wiki-production"
diff --git a/terraform/targets/staging.nixos-wiki.thalheim.io/terraform.tf b/terraform/targets/staging.nixos-wiki.thalheim.io/terraform.tf
index 04d5f57..a249be3 100644
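Review bot: `module "wiki" { source = "../../modules/admins" … }` names the admins module instance `wiki`, which mirrors the `module "wiki"` of the two nixos-wiki targets and will make `terraform state` addresses in this target misleading; `module "admins" {` matches both the source and the directory, and renaming it later costs a `moved` block or a state move, so it is cheapest before the first apply. The `backend "http"` block passes no `username`/`password`, so the GitLab state credentials presumably come from the environment prepared by `apply.sh`, which is itself a symlink into `../staging.nixos-wiki.thalheim.io/`; that ties the admins target to a sibling that may be deleted or changed for its own reasons, and a shared script one level up would remove the coupling. Minor: `retry_wait_min = "5"` is a number quoted as a string; Terraform coerces it, but `retry_wait_min = 5` is the documented form.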
--- a/terraform/targets/staging.nixos-wiki.thalheim.io/terraform.tf
+++ b/terraform/targets/staging.nixos-wiki.thalheim.io/terraform.tf
@@ -11,9 +11,6 @@ terraform {
 
 module "wiki" {
 source = "../../modules/wiki"
- admin_ssh_keys = {
- mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
- }
 netlify_dns_zone = "wiki.thalheim.io"
 nixos_flake_attr = "nixos-wiki-staging"
 nixos_vars_file = "${path.module}/nixos-vars.json"