From df8ab4016a560fef2394671e3be1bb309e280648 Mon Sep 17 00:00:00 2001 From: Ethan Reece Date: Fri, 21 Feb 2025 01:49:45 -0600 Subject: [PATCH] Create initial tf file
---
.gitignore | 6 ++++++ README.md | 18 +++++++++++++++++ flake.nix | 5 +++++ main.tf | 46 +++++++++++++++++++++++++++++++++++++++++++ secret.tfvars.example | 1 + 5 files changed, 76 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 main.tf create mode 100644 secret.tfvars.example
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1688ff0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+*.tfvars
+.terraform/
+*.env
+.terraform.lock.hcl
+*.tfstate
+*.tfstate.backup
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..92b6bcf
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# OpenTofu server configuration
+
+This is an experimental configuration for my Hetzner VPS using OpenTofu and Nix.
+
+## How to use
+
+Copy `secret.tfvars.example` to `secret.tfvars` and fill in the values.
+
+To generate a token with Hetzner, go to the project and click `Security -> API Tokens`.
+
+Run `nix develop` to access a shell where OpenTofu is accessible.
+
+## Aliases
+
+The following aliases in the development shell include the secrets file automatically.
+
+- `tofu-plan`
+- `tofu-apply`
diff --git a/flake.nix b/flake.nix
index f3e92b6..7825361 100644
--- a/flake.nix
+++ b/flake.nix
@@ -20,6 +20,11 @@
 tofuPkg
 pkgs.terraform-ls
 ];
+
+ shellHook = ''
+ alias tofu-plan="tofu plan -var-file=secret.tfvars"
+ alias tofu-apply="tofu apply -var-file=secret.tfvars"
+ '';
 };
 }
 );
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..b9312cf
--- /dev/null
+++ b/main.tf
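Review bot: The `.terraform.lock.hcl` entry in the new `.gitignore` keeps the dependency lock file out of the repository, so the provider checksums recorded by `tofu init` are never reviewed or shared between checkouts. Together with the `version = "~> 1.45"` constraint in `main.tf`, a fresh clone can resolve a different `hetznercloud/hcloud` release, and nothing compares it with hashes recorded earlier. Drop that one line and commit the lock file; `.terraform/`, `*.tfstate`, `*.tfstate.backup` and `*.tfvars` are the entries that should stay ignored.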
@@ -0,0 +1,46 @@
+terraform {
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "~> 1.45"
+ }
+ }
+}
+
+variable "hcloud_token" {
+ sensitive = true
+}
+
+provider "hcloud" {
+ token = var.hcloud_token
+}
+
+resource "hcloud_ssh_key" "main" {
+ name = "my-ssh-key"
+ public_key = file("~/.ssh/id_ed25519.pub")
+}
+
+resource "hcloud_server" "vpn" {
+ name = "vpn"
+ image = "debian-12"
+ server_type = "cpx11"
+ location = "hil"
+ ssh_keys = [hcloud_ssh_key.main.id]
+
+ //provisioner "local-exec" {
+ // command = "sleep 120"
+ //}
+
+ provisioner "remote-exec" {
+ connection {
+ type = "ssh"
+ user = "root"
+ host = self.ipv4_address
+ // private_key = file("~/.ssh/id_ed25519")
+ agent = true
+ }
+ inline = [
+ "curl https://raw.githubusercontent.com/elitak/NixOS-infect/master/NixOS-infect | PROVIDER=hetznercloud Nix_CHANNEL=NixOS-Unstable bash 2>&1 | tee /tmp/infect.log",
+ ]
+ }
+}
diff --git a/secret.tfvars.example b/secret.tfvars.example
new file mode 100644
index 0000000..049a951
--- /dev/null
+++ b/secret.tfvars.example
@@ -0,0 +1 @@
+hcloud_token = "your_token_here"
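Review bot: In `main.tf`, the `remote-exec` provisioner of `hcloud_server.vpn` pipes a script fetched from the moving `master` branch straight into `bash` as root, so whatever that URL serves at apply time takes over the new server and nothing records which revision ran. Pin the URL to a reviewed commit and check a digest before executing: `curl -fsSL <URL_AT_PINNED_COMMIT> -o /tmp/infect.sh`, then `echo "<EXPECTED_SHA256>  /tmp/infect.sh" | sha256sum -c -`, then `PROVIDER=hetznercloud … bash /tmp/infect.sh 2>&1 | tee /tmp/infect.log`. As written, `curl` has no `-f` and the pipeline's exit status is `tee`'s, so a failed or substituted download can still let the apply report success. The mixed-case URL path and the `Nix_CHANNEL` variable are case-sensitive and should be checked against the names the upstream script actually uses.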