move ssh keys to its own target

terraform/modules/admins/main.tf

@@ -0,0 +1,8 @@
+resource "hcloud_ssh_key" "hcloud" {
+  for_each   = var.ssh_keys
+  name       = each.key
+  public_key = each.value
+  labels = {
+    "wiki" = "true"
+  }
+}

terraform/modules/admins/providers.tf

@@ -0,0 +1,5 @@
+terraform {
+  required_providers {
+    hcloud     = { source = "hetznercloud/hcloud" }
+  }
+}

terraform/modules/admins/variables.tf

@@ -0,0 +1,5 @@
+variable "ssh_keys" {
+  type = map(string)
+  description = "SSH public keys for admin user (name -> key)"
+}
+

terraform/modules/wiki/main.tf

@@ -1,8 +1,6 @@
 # Record the SSH public key into Hetzner Cloud
-resource "hcloud_ssh_key" "hcloud" {
+data "hcloud_ssh_keys" "nixos_wiki" {
-  for_each   = var.admin_ssh_keys
+  with_selector = "wiki=true"
-  name       = "${var.domain}-${each.key}"
-  public_key = each.value
 }
 
 resource "hcloud_server" "nixos_wiki" {
@@ -10,7 +8,7 @@ resource "hcloud_server" "nixos_wiki" {
   keep_disk   = true
   name        = "nixos-wiki"
   server_type = var.server_type
-  ssh_keys    = [for k in hcloud_ssh_key.hcloud : k.id]
+  ssh_keys    = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.name
   backups     = false
   labels      = var.tags
 
@@ -23,15 +21,15 @@ resource "hcloud_server" "nixos_wiki" {
   }
 }
 
-module "deploy" {
+#module "deploy" {
-  depends_on             = [local_file.nixos_vars]
+#  depends_on             = [local_file.nixos_vars]
-  source                 = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
+#  source                 = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
-  nixos_system_attr      = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.toplevel"
+#  nixos_system_attr      = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.toplevel"
-  nixos_partitioner_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.diskoNoDeps"
+#  nixos_partitioner_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.diskoNoDeps"
-  target_host            = hcloud_server.nixos_wiki.ipv4_address
+#  target_host            = hcloud_server.nixos_wiki.ipv4_address
-  instance_id            = hcloud_server.nixos_wiki.id
+#  instance_id            = hcloud_server.nixos_wiki.id
-  debug_logging          = true
+#  debug_logging          = true
-}
+#}
 
 locals {
   nixos_vars = {

terraform/modules/wiki/variables.tf

@@ -1,8 +1,3 @@
-variable "admin_ssh_keys" {
-  type = map(string)
-  description = "SSH public keys for admin user (name -> key)"
-}
-
 variable "server_type" {
   type = string
   default = "cx21"

terraform/targets/admins/apply.sh

@@ -0,0 +1 @@
+../staging.nixos-wiki.thalheim.io/apply.sh

terraform/targets/admins/terraform.tf

@@ -0,0 +1,17 @@
+terraform {
+  backend "http" {
+    address        = "https://gitlab.com/api/v4/projects/45776186/terraform/state/admins"
+    lock_address   = "https://gitlab.com/api/v4/projects/45776186/terraform/state/admins/lock"
+    unlock_address = "https://gitlab.com/api/v4/projects/45776186/terraform/state/admins/lock"
+    lock_method    = "POST"
+    unlock_method  = "DELETE"
+    retry_wait_min = "5"
+  }
+}
+
+module "wiki" {
+  source = "../../modules/admins"
+  ssh_keys = {
+    mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
+  }
+}

terraform/targets/nixos-wiki.thalheim.io/terraform.tf

@@ -11,9 +11,6 @@ terraform {
 
 module "wiki" {
   source = "../../modules/wiki"
-  admin_ssh_keys = {
-    mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
-  }
   netlify_dns_zone = "wiki.thalheim.io"
   domain           = "wiki.thalheim.io"
   nixos_flake_attr = "nixos-wiki-production"

terraform/targets/staging.nixos-wiki.thalheim.io/terraform.tf

@@ -11,9 +11,6 @@ terraform {
 
 module "wiki" {
   source = "../../modules/wiki"
-  admin_ssh_keys = {
-    mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
-  }
   netlify_dns_zone = "wiki.thalheim.io"
   nixos_flake_attr = "nixos-wiki-staging"
   nixos_vars_file = "${path.module}/nixos-vars.json"