hosts/plover: initialize Terraform configuration

2025-01-30 22:57:55 +00:00 · 2023-06-22 11:06:43 +08:00 · 2023-06-22 11:06:43 +08:00 · 55eb4d8c0c
commit 55eb4d8c0c
parent 241e2080f2
7 changed files with 134 additions and 1 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -4,6 +4,6 @@ root = true
 end_of_line = lf
 insert_final_newline = true

-[*.{nix,yaml,json}]
+[*.{nix,yaml,json,tf}]
 indent_style = space
 indent_size = 2
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,40 @@
 .direnv
 result*
 *.qcow2
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
--- a/hosts/plover/.terraform.lock.hcl
+++ b/hosts/plover/.terraform.lock.hcl
@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+  version     = "1.40.0"
+  constraints = "1.40.0"
+  hashes = [
+    "h1:73wGxI4xen4QdT5D1HBhcn1Ll1itFu1b6r4ggflG2OM=",
+    "zh:0451768ebac9c01b2cc9b3fa63014baa6d1d92e4b5cda9f98a15c320eabc62bd",
+    "zh:399a3c8fd13e69d8ac836ff5cb3e49eaa13f8d588390862d3c84e5221b85a5ec",
+    "zh:3f1e2310eaf0945e8df20e841437119b4f1a4fbcbf5c8ef9f66d086a6206df2e",
+    "zh:5088bd924089c49717fd90fd4893df6caccf978b53bdad79762383c519987290",
+    "zh:50c178c74bc5aaba5f5d5a0fd51257136b6f2cc0b44bc02b0603f656daad8ee7",
+    "zh:6a25d234eef37ca727bf20aebeb6a2d3cabbc6338b5e53e98aed222def4b1c86",
+    "zh:7489d6b14b49916d7181e444880ad1f3914606beda0b7c21485e969ba43f84eb",
+    "zh:8ded3bfeb885a61a6895e400d1476d15500f2a1a67da440ddd4b1ee2fad0407d",
+    "zh:b34e3430d48c48edbd49064e500e84765ce03d97c01d855db71c738e1928b97d",
+    "zh:c36241fc84663e90fd693a74773a22a459c55edae71141f13aba58a267cb09ab",
+    "zh:c5add5e07edf1876486f4ecfa103f3e500040b4801b8cdf68a91224d3bc6c636",
+    "zh:ebced845b6be85ca6cf3435eec84514146a48ab6438c700f2e48b7e86d89ff37",
+    "zh:f543dce13d3c28bf1327452a3922acda70742fc53fefe9628666391f448de99e",
+    "zh:fa1e04522a1fdf8383f93ec5ffd18424abe99a5ce4a1a8af7e4cd28fce43bb1a",
+  ]
+}
--- a/hosts/plover/main.tf
+++ b/hosts/plover/main.tf
@ -0,0 +1,57 @@
+variable "hcloud_token" {
+  sensitive = true
+}
+
+provider "hcloud" {
+  token = var.hcloud_token
+}
+
+resource "hcloud_server" "plover" {
+  name = "plover"
+  image = "debian-12"
+  server_type = "cx21"
+  location = "hel1"
+  datacenter = "hel1-dc2"
+
+  ssh_keys = [ hcloud_ssh_key.foodogsquared.id ]
+
+  delete_protection = true
+  rebuild_protection = true
+
+  user_data = file("${path.module}/files/hcloud/hcloud-user-data.yml")
+
+  public_net {
+    ipv4_enabled = true
+    ipv6_enabled = true
+  }
+
+  network {
+    network_id  = hcloud_network.plover.id
+    ip = "172.27.0.1"
+    alias_ips = [
+      "172.27.0.2",
+      "172.27.0.3"
+    ]
+  }
+
+  depends_on = [
+    hcloud_network_subnet.plover-subnet
+  ]
+}
+
+resource "hcloud_ssh_key" "foodogsquared" {
+  name = "foodogsquared@foodogsquared.one"
+  public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPR52KfVODfKsgdvYSoQinV3kyOTZ4mtKa0fah5Wkfr foodogsquared@foodogsquared.one"
+}
+
+resource "hcloud_network" "plover" {
+  name = "plover"
+  ip_range = "172.16.0.0/12"
+}
+
+resource "hcloud_network_subnet" "plover-subnet" {
+  network_id = hcloud_network.plover.id
+  type = "cloud"
+  network_zone = "eu-central"
+  ip_range = "172.27.0.0/16"
+}
--- a/hosts/plover/versions.tf
+++ b/hosts/plover/versions.tf
@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source = "hetznercloud/hcloud"
+      version = "1.40.0"
+    }
+  }
+}
--- a/shell.nix
+++ b/shell.nix
@ -10,11 +10,13 @@ pkgs.mkShell {
    sops
    treefmt
    deploy-rs
+    terraform

    # Language servers for various parts of the config that uses a language.
    lua-language-server
    pyright
    rnix-lsp
+    terraform-ls

    # Formatters...
    stylua # ...for Lua.
--- a/treefmt.toml
+++ b/treefmt.toml
@ -9,3 +9,8 @@ includes = [ "*.nix" ]
 [formatter.python]
 command = "black"
 includes = [ "*.py" ]
+
+[formatter.terraform]
+command = "terraform"
+options = [ "fmt" ]
+includes = [ "*.tf" ]