From 55eb4d8c0cf903fecfc892b3bf589eb190bf3bd6 Mon Sep 17 00:00:00 2001
From: Gabriel Arazas
Date: Thu, 22 Jun 2023 11:06:43 +0800
Subject: [PATCH] hosts/plover: initialize Terraform configuration
---
 .editorconfig | 2 +-
 .gitignore | 37 +++++++++++++++++++++
 hosts/plover/.terraform.lock.hcl | 24 ++++++++++++++
 hosts/plover/main.tf | 57 ++++++++++++++++++++++++++++++++
 hosts/plover/versions.tf | 8 +++++
 shell.nix | 2 ++
 treefmt.toml | 5 +++
 7 files changed, 134 insertions(+), 1 deletion(-)
 create mode 100644 hosts/plover/.terraform.lock.hcl
 create mode 100644 hosts/plover/main.tf
 create mode 100644 hosts/plover/versions.tf
diff --git a/.editorconfig b/.editorconfig
index d583a75d..d7c9e174 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -4,6 +4,6 @@ root = true
 end_of_line = lf
 insert_final_newline = true
-[*.{nix,yaml,json}]
+[*.{nix,yaml,json,tf}]
 indent_style = space
 indent_size = 2
diff --git a/.gitignore b/.gitignore
index 65f0ff49..0bdfbf6b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,40 @@
 .direnv
 result*
 *.qcow2
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
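Review bot: The tfplan rule in the .gitignore hunk is left as a commented example (`# example: *tfplan*`), so a plan saved with `terraform plan -out=tfplan` under hosts/plover would show up as an untracked file and could be committed by accident. Saved plan files hold the resolved configuration and input variable values in cleartext, which here would include `hcloud_token`. I would add an active pattern such as `*tfplan*` directly under that comment. The `*.tfstate` and `*.tfvars` rules already cover the other usual places where the token could end up on disk.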
diff --git a/hosts/plover/.terraform.lock.hcl b/hosts/plover/.terraform.lock.hcl
new file mode 100644
index 00000000..8bdc3050
--- /dev/null
+++ b/hosts/plover/.terraform.lock.hcl
@@ -0,0 +1,24 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hetznercloud/hcloud" { + version = "1.40.0" + constraints = "1.40.0" + hashes = [ + "h1:73wGxI4xen4QdT5D1HBhcn1Ll1itFu1b6r4ggflG2OM=", + "zh:0451768ebac9c01b2cc9b3fa63014baa6d1d92e4b5cda9f98a15c320eabc62bd", + "zh:399a3c8fd13e69d8ac836ff5cb3e49eaa13f8d588390862d3c84e5221b85a5ec", + "zh:3f1e2310eaf0945e8df20e841437119b4f1a4fbcbf5c8ef9f66d086a6206df2e", + "zh:5088bd924089c49717fd90fd4893df6caccf978b53bdad79762383c519987290", + "zh:50c178c74bc5aaba5f5d5a0fd51257136b6f2cc0b44bc02b0603f656daad8ee7", + "zh:6a25d234eef37ca727bf20aebeb6a2d3cabbc6338b5e53e98aed222def4b1c86", + "zh:7489d6b14b49916d7181e444880ad1f3914606beda0b7c21485e969ba43f84eb", + "zh:8ded3bfeb885a61a6895e400d1476d15500f2a1a67da440ddd4b1ee2fad0407d", + "zh:b34e3430d48c48edbd49064e500e84765ce03d97c01d855db71c738e1928b97d", + "zh:c36241fc84663e90fd693a74773a22a459c55edae71141f13aba58a267cb09ab", + "zh:c5add5e07edf1876486f4ecfa103f3e500040b4801b8cdf68a91224d3bc6c636", + "zh:ebced845b6be85ca6cf3435eec84514146a48ab6438c700f2e48b7e86d89ff37", + "zh:f543dce13d3c28bf1327452a3922acda70742fc53fefe9628666391f448de99e", + "zh:fa1e04522a1fdf8383f93ec5ffd18424abe99a5ce4a1a8af7e4cd28fce43bb1a", + ] +}
diff --git a/hosts/plover/main.tf b/hosts/plover/main.tf
new file mode 100644
index 00000000..d58b035e
--- /dev/null
+++ b/hosts/plover/main.tf
@@ -0,0 +1,57 @@
+variable "hcloud_token" {
+ sensitive = true
+}
+
+provider "hcloud" {
+ token = var.hcloud_token
+}
+
+resource "hcloud_server" "plover" {
+ name = "plover"
+ image = "debian-12"
+ server_type = "cx21"
+ location = "hel1"
+ datacenter = "hel1-dc2"
+
+ ssh_keys = [ hcloud_ssh_key.foodogsquared.id ]
+
+ delete_protection = true
+ rebuild_protection = true
+
+ user_data = file("${path.module}/files/hcloud/hcloud-user-data.yml")
+
+ public_net {
+ ipv4_enabled = true
+ ipv6_enabled = true
+ }
+
+ network {
+ network_id = hcloud_network.plover.id
+ ip = "172.27.0.1"
+ alias_ips = [
+ "172.27.0.2",
+ "172.27.0.3"
+ ]
+ }
+
+ depends_on = [
+ hcloud_network_subnet.plover-subnet
+ ]
+}
+
+resource "hcloud_ssh_key" "foodogsquared" {
+ name = "foodogsquared@foodogsquared.one"
+ public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPR52KfVODfKsgdvYSoQinV3kyOTZ4mtKa0fah5Wkfr foodogsquared@foodogsquared.one"
+}
+
+resource "hcloud_network" "plover" {
+ name = "plover"
+ ip_range = "172.16.0.0/12"
+}
+
+resource "hcloud_network_subnet" "plover-subnet" {
+ network_id = hcloud_network.plover.id
+ type = "cloud"
+ network_zone = "eu-central"
+ ip_range = "172.27.0.0/16"
+}
diff --git a/hosts/plover/versions.tf b/hosts/plover/versions.tf
new file mode 100644
index 00000000..170b997f
--- /dev/null
+++ b/hosts/plover/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "1.40.0"
+ }
+ }
+}
diff --git a/shell.nix b/shell.nix
index 11aa1330..e46f4f12 100644
--- a/shell.nix
+++ b/shell.nix
@@ -10,11 +10,13 @@ pkgs.mkShell {
 sops
 treefmt
 deploy-rs
+ terraform
 # Language servers for various parts of the config that uses a language.
 lua-language-server
 pyright
 rnix-lsp
+ terraform-ls
 # Formatters...
 stylua # ...for Lua.
diff --git a/treefmt.toml b/treefmt.toml
index d5a55b72..152fe5f9 100644
--- a/treefmt.toml
+++ b/treefmt.toml
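Review bot: In hosts/plover/main.tf, `hcloud_server.plover` enables public IPv4 and IPv6 in `public_net` but sets no `firewall_ids`, and the file defines no `hcloud_firewall`, so which ports are reachable from the internet depends entirely on what the debian-12 image and the user-data script set up on the host. I would define a cloud firewall next to the server and attach it, as sketched below; port 22 is only an example, since the services plover exposes are not visible in this patch. Separately, `files/hcloud/hcloud-user-data.yml` is read with `file()` but is not among the files this commit creates, so it presumably already exists in the repository. User data typically stays readable from the server's metadata service, so that file should hold no secrets.

```hcl
resource "hcloud_firewall" "plover" {
  name = "plover"

  # Example rule only: list the inbound ports plover really serves.
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "22"
    source_ips = ["0.0.0.0/0", "::/0"]
  }
}

resource "hcloud_server" "plover" {
  # … unchanged: name, image, server_type, location, datacenter, ssh_keys, protection flags, user_data …

  firewall_ids = [hcloud_firewall.plover.id]

  # … unchanged: public_net, network, depends_on …
}
```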
@@ -9,3 +9,8 @@ includes = [ "*.nix" ]
 [formatter.python]
 command = "black"
 includes = [ "*.py" ]
+
+[formatter.terraform]
+command = "terraform"
+options = [ "fmt" ]
+includes = [ "*.tf" ]
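Review bot: The new `[formatter.terraform]` entry relies on `terraform fmt` accepting a list of files, because treefmt passes the matched paths as arguments, and as far as I know that only works with Terraform 1.3.0 or later. Nothing in the patch records that requirement: hosts/plover/versions.tf pins the provider but has no `required_version`, and shell.nix takes whatever `terraform` the package set provides. I would add a comment above `command`, for example `# terraform fmt accepts a list of files only from Terraform 1.3.0 on`, so the constraint survives a toolchain change.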