poc: hcloud thru terranix

2024-01-13 17:16:49 +01:00 · 2024-01-13 17:16:49 +01:00 · 0af550d642
parent 67ec8d23f6
commit 0af550d642
3 changed files with 54 additions and 24 deletions
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@ -1,6 +1,27 @@
 # This file is maintained automatically by "tofu init".
 # Manual edits may be lost in future updates.

+provider "registry.opentofu.org/hashicorp/hcloud" {
+  version = "1.45.0"
+  hashes = [
+    "h1:BEE0B6hv1ZAmTLIO12uqIm7s3oSjmGzZLm6OzudlxAw=",
+    "zh:1c4b44a698cfaca215bdbadaf92669dd23533210c3cbf32895fbf4ff7acf6c24",
+    "zh:2915f8385559694e5097d8d0df16358200e9f0d9efb80559e9ea0bd072d792b9",
+    "zh:3a6b37b0bba50d263bd3dba26185bde13c825e59b6b301ab3f9f45686a21456b",
+    "zh:3e3910fa22a3a8d73d1aed38cc479c3e1958e9168b5f4a7d0da6cf03c2dfc155",
+    "zh:3f8d7d09e5c93162a1e9e6c89acac0799fb55765b44b7d1d020763c814263c57",
+    "zh:40bc5e94bff495440e1b4f797165d7f0dcee2282a86a61b158f47fe4bc57e9fb",
+    "zh:473f51d464b897d0e8e3d5ca2eb175b37e2f7ce03c8b26f47cc35885cf620946",
+    "zh:6fdd4bf71c19cfad78d7e1d2336be873eb8567a139d53e672e78ebcbc36a4d7d",
+    "zh:9e08638cbfc90d69f1c21ee34191db077d58d040cf7a9eed07a1dc335d463e97",
+    "zh:b1ed5ea81bc6d2c88efdefaeb244322874508d90d8217ac2e3541445254bdadc",
+    "zh:ced05776c27d550d15d4a71360243740ecb4ea1e65e67229fb2273a27353b00c",
+    "zh:da79b8a1a982a1d365ea206a2654e8b5003aeba9ccdc9c8751bb6ee3f40d8c49",
+    "zh:fabbad25bab09dd74f2b819992ab99b939c642374d6ca080b18d6e2a91d8d487",
+    "zh:fb0e083d2925f289999dc561ef1c2f84a9e0ab11388c40162ca8b470f50f71f5",
+  ]
+}
+
 provider "registry.opentofu.org/hashicorp/local" {
  version = "2.4.1"
  hashes = [
--- a/README.md
+++ b/README.md
@ -5,27 +5,7 @@ Contains [Terraform](https://terraform.io/) code used to manage our infrastructu
 ## Prerequisites

 - [Nix](https://nix.dev/) with [Flakes](https://nixos.wiki/wiki/Flakes) enabled
-### Pre-commit hook
-
-We want all our Terraform code to be well formatted and adhering to standards,
-enforced by `terraform fmt`. Thus there is a pre-commit hook available to
-validate this. Unfortunately this cannot be enforced remotely, so there is a
-_one time_ manual step needed.
-
-Run the following command right after cloning the repository:
-
-```sh
-./install_precommit_hook.sh
-```
-
-This will make sure you have the pre-commit hook installed so there is less of
-a chance you push something that doesn't match our standards.
-
-### Terraform
-
-As we're using GitLab's Terraform image for our CI/CD pipeline, we'll stick to
-using the latest version of Terraform. Instruction on how to install Terraform
-can be found here: <https://www.terraform.io/downloads>
+- [Hetzner Cloud API token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token)
 - [Terraform Cloud](https://app.terraform.io/) to use shared state

 ### Usage
@ -40,6 +20,7 @@ can be found here: <https://www.terraform.io/downloads>
 Create a file `terraform.tfvars` containing:

 ```tfvars
+hcloud_api_token = "<HETZNER_API_KEY>"
 ```

 ... substituting in our actual key.
--- a/config.nix
+++ b/config.nix
@ -4,11 +4,39 @@ let
  var = options.variable;
 in rec {

+  provider = {
+
+    # Configure the Hetzner Cloud Provider
+    hcloud.token = lib.tfRef "var.hcloud_token";
+
+  };
+
  resource = {

-    local_file.test_import = {
-      filename = "test_import.txt";
-      content = "A terranix created test file using imports. YEY!";
+  };
+
+  # Set the variable value in *.tfvars file
+  # or using -var="hetzner_token=..." CLI option
+  variable = {
+
+    hcloud_token = {
+      type = "string";
+      description = "Hetzner Cloud API Token";
+      sensitive = true;
+    };
+
+  };
+
+  data = {
+
+    hcloud_ssh_keys."all_keys" = {};
+
+  };
+
+  output = {
+
+    "keys_output" = {
+      value = lib.tfRef "data.hcloud_ssh_keys.all_keys";
    };

  };