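// Provisions one Hetzner Cloud server ("vpn") and installs NixOS onto it
// through the nixos-anywhere "all-in-one" Terraform module.
//
// The file had been collapsed onto a single line, where the first `//`
// comment swallowed everything after it (including closing braces). The
// line structure is restored here; resource arguments are unchanged.

terraform {
  required_providers {
    hcloud = {
      source  = "hetznercloud/hcloud"
      version = "~> 1.45"
    }
  }
}

// Hetzner Cloud API token.
// `sensitive = true` only redacts the value in Terraform's CLI output, so
// supply it from the environment (TF_VAR_hcloud_token) or a secrets manager
// rather than from a committed .tfvars file.
variable "hcloud_token" {
  description = "Hetzner Cloud API token used by the hcloud provider."
  type        = string
  sensitive   = true
}

provider "hcloud" {
  token = var.hcloud_token
}

// Registers the operator's public key with the project. Only the public half
// is read here; the private key never enters the configuration.
resource "hcloud_ssh_key" "main" {
  name       = "my-ssh-key"
  public_key = file("~/.ssh/id_ed25519.pub")
}

// The VPN host. It boots the stock Debian 12 image and is reachable as root
// with the key above until the deploy module replaces the OS.
// NOTE(review): no hcloud_firewall is attached in this file. Confirm that one
// is applied elsewhere, or that the NixOS configuration restricts inbound
// ports, before treating this host as production.
resource "hcloud_server" "vpn" {
  name        = "vpn"
  image       = "debian-12"
  server_type = "cpx11"
  location    = "hil"
  ssh_keys    = [hcloud_ssh_key.main.id]

  // Disabled legacy install path, kept for reference.
  // NOTE(review): it pipes a script fetched from a mutable branch straight
  // into a root shell. If it is ever re-enabled, fetch a pinned commit and
  // verify a checksum before executing it.
  //provisioner "local-exec" {
  //  command = "sleep 120"
  //}
  //provisioner "remote-exec" {
  //  connection {
  //    type = "ssh"
  //    user = "root"
  //    host = self.ipv4_address
  //    // private_key = file("~/.ssh/id_ed25519")
  //    agent = true
  //  }
  //  inline = [
  //    "curl https://raw.githubusercontent.com/elitak/NixOS-infect/master/NixOS-infect | PROVIDER=hetznercloud Nix_CHANNEL=NixOS-Unstable bash 2>&1 | tee /tmp/infect. log",
  //  ]
  //}
}

// Installs the flake's `vpn` NixOS configuration onto the server.
// NOTE(review): the module source carries no `?ref=`, so every
// `terraform init -upgrade` pulls whatever the default branch holds at that
// moment, and this module runs with root access to the target. Pin it once a
// revision has been reviewed, e.g.
//   source = "github.com/numtide/nixos-anywhere//terraform/all-in-one?ref=<REVIEWED_TAG_OR_COMMIT_SHA>"
// (the ref above is a placeholder, not a real revision).
module "deploy" {
  //depends_on = [local_file.nixos_vars]
  source                 = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
  nixos_system_attr      = ".#nixosConfigurations.vpn.config.system.build.toplevel"
  nixos_partitioner_attr = ".#nixosConfigurations.vpn.config.system.build.diskoScript"
  target_host            = hcloud_server.vpn.ipv4_address
  instance_id            = hcloud_server.vpn.id

  //extra_files_script = "${path.module}/decrypt-age-keys.sh"
  //extra_environment = {
  //  SOPS_FILE = var.sops_file
  //}

  // NOTE(review): presumably this makes the install scripts log verbosely.
  // Check the captured output for secrets before sharing it, and switch this
  // off once the deploy is known to work, especially if the commented-out
  // extra_files_script / SOPS settings above are enabled.
  debug_logging = true
}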