move ssh keys to its own target

2023-05-14 18:18:38 +02:00 · 2023-05-14 18:18:38 +02:00 · c10124a786
commit c10124a786
parent c08d3f873f
9 changed files with 48 additions and 25 deletions
--- a/terraform/modules/admins/main.tf
+++ b/terraform/modules/admins/main.tf
@ -0,0 +1,8 @@
+resource "hcloud_ssh_key" "hcloud" {
+  for_each   = var.ssh_keys
+  name       = each.key
+  public_key = each.value
+  labels = {
+    "wiki" = "true"
+  }
+}
--- a/terraform/modules/admins/providers.tf
+++ b/terraform/modules/admins/providers.tf
@ -0,0 +1,5 @@
+terraform {
+  required_providers {
+    hcloud     = { source = "hetznercloud/hcloud" }
+  }
+}
--- a/terraform/modules/admins/variables.tf
+++ b/terraform/modules/admins/variables.tf
@ -0,0 +1,5 @@
+variable "ssh_keys" {
+  type = map(string)
+  description = "SSH public keys for admin user (name -> key)"
+}
+
--- a/terraform/modules/wiki/main.tf
+++ b/terraform/modules/wiki/main.tf
@ -1,8 +1,6 @@
 # Record the SSH public key into Hetzner Cloud
-resource "hcloud_ssh_key" "hcloud" {
-  for_each   = var.admin_ssh_keys
-  name       = "${var.domain}-${each.key}"
-  public_key = each.value
+data "hcloud_ssh_keys" "nixos_wiki" {
+  with_selector = "wiki=true"
 }

 resource "hcloud_server" "nixos_wiki" {
@ -10,7 +8,7 @@ resource "hcloud_server" "nixos_wiki" {
  keep_disk   = true
  name        = "nixos-wiki"
  server_type = var.server_type
-  ssh_keys    = [for k in hcloud_ssh_key.hcloud : k.id]
+  ssh_keys    = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.name
  backups     = false
  labels      = var.tags

@ -23,15 +21,15 @@ resource "hcloud_server" "nixos_wiki" {
  }
 }

-module "deploy" {
-  depends_on             = [local_file.nixos_vars]
-  source                 = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
-  nixos_system_attr      = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.toplevel"
-  nixos_partitioner_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.diskoNoDeps"
-  target_host            = hcloud_server.nixos_wiki.ipv4_address
-  instance_id            = hcloud_server.nixos_wiki.id
-  debug_logging          = true
-}
+#module "deploy" {
+#  depends_on             = [local_file.nixos_vars]
+#  source                 = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
+#  nixos_system_attr      = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.toplevel"
+#  nixos_partitioner_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.diskoNoDeps"
+#  target_host            = hcloud_server.nixos_wiki.ipv4_address
+#  instance_id            = hcloud_server.nixos_wiki.id
+#  debug_logging          = true
+#}

 locals {
  nixos_vars = {
--- a/terraform/modules/wiki/variables.tf
+++ b/terraform/modules/wiki/variables.tf
@ -1,8 +1,3 @@
-variable "admin_ssh_keys" {
-  type = map(string)
-  description = "SSH public keys for admin user (name -> key)"
-}
-
 variable "server_type" {
  type = string
  default = "cx21"
--- a/terraform/targets/admins/apply.sh
+++ b/terraform/targets/admins/apply.sh
@ -0,0 +1 @@
+../staging.nixos-wiki.thalheim.io/apply.sh
--- a/terraform/targets/admins/terraform.tf
+++ b/terraform/targets/admins/terraform.tf
@ -0,0 +1,17 @@
+terraform {
+  backend "http" {
+    address        = "https://gitlab.com/api/v4/projects/45776186/terraform/state/admins"
+    lock_address   = "https://gitlab.com/api/v4/projects/45776186/terraform/state/admins/lock"
+    unlock_address = "https://gitlab.com/api/v4/projects/45776186/terraform/state/admins/lock"
+    lock_method    = "POST"
+    unlock_method  = "DELETE"
+    retry_wait_min = "5"
+  }
+}
+
+module "wiki" {
+  source = "../../modules/admins"
+  ssh_keys = {
+    mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
+  }
+}
--- a/terraform/targets/nixos-wiki.thalheim.io/terraform.tf
+++ b/terraform/targets/nixos-wiki.thalheim.io/terraform.tf
@ -11,9 +11,6 @@ terraform {

 module "wiki" {
  source = "../../modules/wiki"
-  admin_ssh_keys = {
-    mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
-  }
  netlify_dns_zone = "wiki.thalheim.io"
  domain           = "wiki.thalheim.io"
  nixos_flake_attr = "nixos-wiki-production"
--- a/terraform/targets/staging.nixos-wiki.thalheim.io/terraform.tf
+++ b/terraform/targets/staging.nixos-wiki.thalheim.io/terraform.tf
@ -11,9 +11,6 @@ terraform {

 module "wiki" {
  source = "../../modules/wiki"
-  admin_ssh_keys = {
-    mic92 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"
-  }
  netlify_dns_zone = "wiki.thalheim.io"
  nixos_flake_attr = "nixos-wiki-staging"
  nixos_vars_file = "${path.module}/nixos-vars.json"