# TODO split this messy file into different files and/or refactor using modules
# Remote state. The bucket name matches the `cloudflare_r2_bucket` managed
# further down, and the `use_path_style` / `skip_*` switches are what the S3
# backend needs to talk to an S3-compatible endpoint instead of AWS itself
# (presumably R2 — the endpoint/credentials are not in this file, so they must
# come from the environment or a backend config file at `terraform init`).
#
# NOTE(review): no `dynamodb_table` (or other lock) is configured, so the S3
# backend runs without state locking; two concurrent applies can clobber each
# other. The state file also records resource attributes (IDs, addresses),
# so access to the bucket should be treated as access to the deployment.
terraform {
  backend "s3" {
    # Object location.
    bucket = "nix-pizza-terraform-state"
    key    = "terraform.tfstate"
    region = "auto"

    # Non-AWS endpoint: path-style addressing, no AWS-specific checks.
    use_path_style              = true
    skip_s3_checksum            = true
    skip_credentials_validation = true
    skip_metadata_api_check     = true
    skip_region_validation      = true
    skip_requesting_account_id  = true
  }
}
# Default Cloudflare provider. Used by the R2 bucket below; DNS work goes
# through the separate `cloudflare.dns` alias with its own token, which keeps
# the two tokens scoped to what each part of the config actually needs.
provider "cloudflare" {
  api_token = var.cloudflare_api_token
}
# Aliased Cloudflare provider for zone lookups and DNS records only.
# `var.cloudflare_dns_token` should be a token limited to DNS edit on the zone;
# the default provider's token does not need DNS permissions.
provider "cloudflare" {
  alias     = "dns"
  api_token = var.cloudflare_dns_token
}
# R2 bucket with the same name as the `backend "s3"` bucket above, i.e. this
# configuration manages the bucket that holds its own state. That is a
# bootstrap dependency (the bucket must exist before the first `init`), and a
# `terraform destroy` of this resource would also remove the state file.
resource "cloudflare_r2_bucket" "cloudflare-bucket" {
  name       = "nix-pizza-terraform-state"
  location   = "WEUR"
  account_id = var.cloudflare_account_id
}
# Hetzner Cloud provider; the token comes in as a variable, not a literal.
provider "hcloud" {
  token = var.hcloud_token
}
# `var.ssh_public_keys` is a path to a JSON file. Given how it is consumed
# below (`for_each` with `each.key` in the resource name and `each.value` as
# the key material), the file is expected to be a JSON object mapping a
# label to an SSH public key string.
locals {
  ssh_public_keys = jsondecode(file(var.ssh_public_keys))
}
# One Hetzner SSH key object per entry of the JSON map; the map key becomes
# part of the resource name, the value is the public key itself.
resource "hcloud_ssh_key" "ssh_public_keys" {
  for_each = local.ssh_public_keys

  name       = "hcloud_ssh_key-${each.key}"
  public_key = each.value
}
# The single host. Debian is only the bootstrap image: the `deploy` module
# below replaces it with the NixOS closure, so the image name here has no
# bearing on what ends up running.
#
# NOTE(review): no `firewall_ids` are attached, so nothing in this file limits
# inbound traffic to the dual-stack public address — presumably that is
# handled inside the NixOS configuration; confirm before exposing services.
resource "hcloud_server" "nix-pizza" {
  name        = "nix-pizza"
  server_type = "cax11"
  location    = "fsn1"
  image       = "debian-11" # used only for the initial bootstrapping

  # Every key registered above is injected into the bootstrap image.
  ssh_keys = [for _, v in hcloud_ssh_key.ssh_public_keys : v.id]

  public_net {
    ipv4_enabled = true
    ipv6_enabled = true
  }

  lifecycle {
    # Adding or removing keys later must not recreate the server; after the
    # NixOS install the authorized keys are governed by the system config,
    # not by this list.
    ignore_changes = [
      ssh_keys
    ]
  }
}
# Installs NixOS over SSH onto the freshly created host using nixos-anywhere.
#
# NOTE(review): the module source has no `?ref=` and is therefore fetched from
# the repository's default branch at every `terraform init`, so what runs with
# SSH access to the server changes whenever upstream moves. Pin it to a tag or
# commit, e.g. `...//terraform/all-in-one?ref=<TAG-OR-COMMIT>` (placeholder —
# pick a reviewed release).
module "deploy" {
  source = "github.com/nix-community/nixos-anywhere//terraform/all-in-one"

  # Flake attributes evaluated from the current directory.
  nixos_system_attr      = ".#nixosConfigurations.nix-pizza.config.system.build.toplevel"
  nixos_partitioner_attr = ".#nixosConfigurations.nix-pizza.config.system.build.diskoScript"

  # Where to install, and a value whose change triggers a reinstall.
  target_host = hcloud_server.nix-pizza.ipv4_address
  instance_id = hcloud_server.nix-pizza.id
}
# Zone lookup via the DNS-scoped provider; the records below reuse its id.
data "cloudflare_zone" "nix_pizza_zone" {
  provider = cloudflare.dns

  name = "nix.pizza"
}
# Apex A record → the server's IPv4 address. `proxied` is left at the provider
# default (DNS-only), so the origin address is published as-is.
resource "cloudflare_record" "root_record_4" {
  provider = cloudflare.dns
  zone_id  = data.cloudflare_zone.nix_pizza_zone.id

  type  = "A"
  name  = "@"
  value = hcloud_server.nix-pizza.ipv4_address
  ttl   = 300
}
# Apex AAAA record → the server's IPv6 address (DNS-only, same as the A record).
resource "cloudflare_record" "root_record_6" {
  provider = cloudflare.dns
  zone_id  = data.cloudflare_zone.nix_pizza_zone.id

  type  = "AAAA"
  name  = "@"
  value = hcloud_server.nix-pizza.ipv6_address
  ttl   = 300
}
# Wildcard A record: every otherwise-undefined name under the zone resolves to
# this host over IPv4. Whatever serves HTTP/TLS there must be prepared to
# receive requests for arbitrary hostnames and reject the ones it does not own.
resource "cloudflare_record" "wildcard_record_4" {
  provider = cloudflare.dns
  zone_id  = data.cloudflare_zone.nix_pizza_zone.id

  type  = "A"
  name  = "*"
  value = hcloud_server.nix-pizza.ipv4_address
  ttl   = 300
}
# Wildcard AAAA record, the IPv6 counterpart of `wildcard_record_4`.
resource "cloudflare_record" "wildcard_record_6" {
  provider = cloudflare.dns
  zone_id  = data.cloudflare_zone.nix_pizza_zone.id

  type  = "AAAA"
  name  = "*"
  value = hcloud_server.nix-pizza.ipv6_address
  ttl   = 300
}