# Local DNS module. Its domain_realname and domain_netname outputs feed
# local.nixos_vars and are re-exported as outputs of this configuration.
module "dns" {
  source = "../dns"
}
# Looks up the SSH keys registered in the Hetzner Cloud project.
# NOTE(review): no selector is given, so this presumably matches every key in
# the project. All of them are passed to the server at creation and copied into
# local.nixos_vars. Consider narrowing the set with `with_selector` so only keys
# intended for this host are included.
data "hcloud_ssh_keys" "nixos_vpn" {}
# Hetzner Cloud server that hosts the VPN. It is created from a stock Debian
# image; module.deploy then targets its IPv4 address with nixos-anywhere.
resource "hcloud_server" "nixos_vpn" {
  name        = "nixos-vpn"
  server_type = var.server_type
  location    = var.server_location
  image       = "debian-12"

  # Leave the disk size alone when server_type changes.
  keep_disk = true

  # NOTE(review): provider-side backups are off while prevent_destroy is on.
  # Confirm that any state living only on this host is reproducible from the
  # NixOS configuration or backed up elsewhere.
  backups = false

  # Names of the project keys looked up above; the provider injects them when
  # the server is created.
  ssh_keys = data.hcloud_ssh_keys.nixos_vpn.ssh_keys[*].name

  lifecycle {
    # Drift in the key list is ignored, so adding or removing a key in the
    # project does not force a server replacement.
    # NOTE(review): as a consequence, revoking a key in Hetzner Cloud does not
    # by itself remove access to this host; access has to be revoked through
    # the deployed system configuration.
    ignore_changes = [ssh_keys]

    # Guard against accidental `terraform destroy` / replacement.
    prevent_destroy = true
  }
}
# Installs the flake's `vpn` NixOS configuration on the server through the
# nixos-anywhere all-in-one Terraform module.
# NOTE(review): the module source has no `?ref=`, so a fresh `terraform init`
# fetches whatever the upstream default branch holds at that moment. That code
# runs with SSH access to the host and alongside the key-decryption script.
# Pin it to a reviewed tag or commit, e.g.
#   github.com/numtide/nixos-anywhere//terraform/all-in-one?ref=<PINNED_TAG_OR_COMMIT>
module "deploy" {
  source = "github.com/numtide/nixos-anywhere//terraform/all-in-one"

  # local_file.nixos_vars is defined outside this file view; it must exist
  # before the deployment runs.
  depends_on = [local_file.nixos_vars]

  # Which machine to install on.
  target_host = hcloud_server.nixos_vpn.ipv4_address
  instance_id = hcloud_server.nixos_vpn.id

  # Flake attributes for the system closure and the disko partitioning script.
  nixos_system_attr      = ".#nixosConfigurations.vpn.config.system.build.toplevel"
  nixos_partitioner_attr = ".#nixosConfigurations.vpn.config.system.build.diskoScriptNoDeps"

  # Going by its name, this script decrypts age keys using the SOPS file passed
  # in below; the script itself is not visible here.
  # NOTE(review): decrypted key material would then pass through the machine
  # running Terraform. Confirm the script cleans up and that the runner is trusted.
  extra_files_script = "${path.module}/decrypt-age-keys.sh"
  extra_environment = {
    SOPS_FILE = var.sops_file
  }

  # NOTE(review): verbose logging is enabled on a run that handles decrypted
  # keys. Check that nothing sensitive reaches CI or shared logs, and consider
  # switching this off outside of troubleshooting.
  debug_logging = true
}
locals {
  # Host facts collected for the NixOS side of the deployment. Presumably
  # written out by local_file.nixos_vars, which is defined outside this file view.
  nixos_vars = {
    hostname = var.hostname

    # Names supplied by the local DNS module.
    domain_realname = module.dns.domain_realname
    domain_netname  = module.dns.domain_netname

    # Addresses assigned to the server by Hetzner Cloud.
    ipv4_address = hcloud_server.nixos_vpn.ipv4_address
    ipv6_address = hcloud_server.nixos_vpn.ipv6_address

    # Public halves of the keys returned by the unfiltered key lookup.
    # NOTE(review): if these become the host's authorized keys, every key in
    # the project gains access; filter at the data source if that is not intended.
    ssh_keys = data.hcloud_ssh_keys.nixos_vpn.ssh_keys[*].public_key
  }
}
# IPv4 address of the VPN server, as reported by Hetzner Cloud.
output "ipv4_address" {
  value = hcloud_server.nixos_vpn.ipv4_address
}
# IPv6 address of the VPN server, as reported by Hetzner Cloud.
output "ipv6_address" {
  value = hcloud_server.nixos_vpn.ipv6_address
}
# Passes through the domain_realname output of the local DNS module.
output "domain_realname" {
  value = module.dns.domain_realname
}
# Passes through the domain_netname output of the local DNS module.
output "domain_netname" {
  value = module.dns.domain_netname
}
# Echoes the hostname input variable so callers can read it from the outputs.
output "hostname" {
  value = var.hostname
}