diff --git a/checks.nix b/checks.nix index 1d2c451..5facd3b 100644 --- a/checks.nix +++ b/checks.nix @@ -21,7 +21,10 @@ }; }; nixfmt-rfc-style.enable = true; - statix.enable = true; + statix = { + enable = true; + settings.ignore = [ "tofu/.terraform/**" ]; + }; gitleaks = { enable = true; name = "gitleaks"; diff --git a/dev-shells.nix b/dev-shells.nix index fc156a3..6f288ed 100644 --- a/dev-shells.nix +++ b/dev-shells.nix @@ -6,7 +6,10 @@ _: { default = pkgs.mkShellNoCC { name = "elementary-shell"; - nativeBuildInputs = [ pkgs.deadnix ]; + nativeBuildInputs = [ + pkgs.deadnix + pkgs.opentofu + ]; shellHook = '' ${config.pre-commit.installationScript} diff --git a/flake.lock b/flake.lock index ae518e2..6d1ebff 100644 --- a/flake.lock +++ b/flake.lock @@ -110,6 +110,24 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1740485968, + "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", + "owner": "nix-community", + "repo": "disko", + "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "emacs-lsp-booster": { "inputs": { "nixpkgs": [ @@ -132,7 +150,7 @@ }, "emacs-overlay": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { @@ -467,7 +485,7 @@ }, "home-manager_2": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1738448366, @@ -506,7 +524,7 @@ }, "hyprland-contrib": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1738176500, @@ -526,7 +544,7 @@ "inputs": { "flake-compat": "flake-compat", "gitignore": "gitignore", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1737465171, 
@@ -561,7 +579,7 @@ "nixos-wsl": { "inputs": { "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1736095716, @@ -642,7 +660,39 @@ "type": "github" } }, + "nixpkgs_10": { + "locked": { + "lastModified": 1736798957, + "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9abb87b552b7f55ac8916b6fc9e5cb486656a2f3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { + "locked": { + "lastModified": 1738136902, + "narHash": "sha256-pUvLijVGARw4u793APze3j6mU1Zwdtz7hGkGGkD87qw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a5db3142ce450045840cc8d832b13b8a2018e0c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1739020877, "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=", @@ -658,7 +708,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1737885589, "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", @@ -674,7 +724,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1712163089, "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", @@ -690,7 +740,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1730768919, "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", @@ -706,7 +756,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1733384649, "narHash": "sha256-K5DJ2LpPqht7K76bsxetI+YHhGGRyVteTPRQaIIKJpw=", @@ -722,7 +772,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1738410390, "narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=", 
@@ -738,7 +788,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1738142207, "narHash": "sha256-NGqpVVxNAHwIicXpgaVqJEJWeyqzoQJ9oc8lnK9+WC4=", @@ -754,26 +804,10 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1736798957, - "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9abb87b552b7f55ac8916b6fc9e5cb486656a2f3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nur": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -825,6 +859,7 @@ "root": { "inputs": { "agenix": "agenix", + "disko": "disko", "emacs-lsp-booster": "emacs-lsp-booster", "emacs-overlay": "emacs-overlay", "flake-parts": "flake-parts", @@ -833,7 +868,7 @@ "nix-pre-commit-hooks": "nix-pre-commit-hooks", "nixos-hardware": "nixos-hardware", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixpkgs-unfree": "nixpkgs-unfree", "nur": "nur", "ranger-devicons": "ranger-devicons", @@ -900,7 +935,7 @@ "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", diff --git a/flake.nix b/flake.nix index 998aa83..b9c398d 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,8 @@ emacs-lsp-booster.url = "github:slotThe/emacs-lsp-booster-flake"; emacs-lsp-booster.inputs.nixpkgs.follows = "nixpkgs"; + + disko.url = "github:nix-community/disko"; }; outputs = diff --git a/systems/x86_64-linux/neon/default.nix b/systems/x86_64-linux/neon/default.nix new file mode 100644 index 0000000..646ebb6 --- /dev/null +++ b/systems/x86_64-linux/neon/default.nix 
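Review bot: The new `disko` input in the flake.nix hunk has no `follows` for nixpkgs, unlike `emacs-lsp-booster` directly above it, so flake.lock gains a separate `nixpkgs_2` node pinned to its own nixpkgs-unstable revision. That is one more nixpkgs tree to fetch, review and keep updated, for a module that partitions and formats disks during installation. Consider adding `disko.inputs.nixpkgs.follows = "nixpkgs";` after the `disko.url` line so the partitioning tooling is built from the same pinned nixpkgs as the rest of the system.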
@@ -0,0 +1,48 @@
+{ inputs, modulesPath, ... }:
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ inputs.disko.nixosModules.disko
+ ./disk-config.nix
+ ];
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ services = {
+ openssh.enable = true;
+ nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ virtualHosts."neon.grigorjan.net" = {
+ enableACME = true;
+ forceSSL = true;
+ extraConfig = ''
+ location / {
+ add_header Content-Type text/plain;
+ return 200 'Hello!';
+ }
+ '';
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "acme@grigorjan.net";
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZjHdiGT2JDe/3tdEt5hNsOw6bOo0DEfGTkD4+7/ASs geko@carbon"
+ ];
+
+ system.stateVersion = "25.05";
+}
diff --git a/systems/x86_64-linux/neon/disk-config.nix b/systems/x86_64-linux/neon/disk-config.nix
new file mode 100644
index 0000000..1641339
--- /dev/null
+++ b/systems/x86_64-linux/neon/disk-config.nix
@@ -0,0 +1,55 @@
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/tofu/.gitignore b/tofu/.gitignore
new file mode 100644
index 0000000..b07cc61
--- /dev/null
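Review bot: `openssh.enable = true` in neon/default.nix is the only SSH setting on an internet-facing host whose sole login is root, so whether password authentication is accepted is left to the module defaults. State the policy next to it, for example `openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "prohibit-password"; };`, so key-only root login does not depend on those defaults staying the same across releases. Separately, `add_header Content-Type text/plain;` in `extraConfig` adds a second Content-Type header rather than setting the response type; `default_type text/plain;` is the nginx directive for that.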
+++ b/tofu/.gitignore
@@ -0,0 +1,2 @@
+*.tfvars
+.terraform/
\ No newline at end of file
diff --git a/tofu/.terraform.lock.hcl b/tofu/.terraform.lock.hcl
new file mode 100644
index 0000000..a1bb96c
--- /dev/null
+++ b/tofu/.terraform.lock.hcl
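Review bot: The ignore list covers `*.tfvars` and `.terraform/` but not local state files. `state.tf` in this same commit creates the S3 bucket that the backend stores state in, so the first apply presumably has to run against a local state file. Local state and its backups store resource attributes unencrypted, sensitive ones included, so add `*.tfstate` and `*.tfstate.*` here, plus `crash.log`. The file also ends without a trailing newline.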
@@ -0,0 +1,97 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/cloudflare/cloudflare" { + version = "5.1.0" + constraints = "~> 5.0" + hashes = [ + "h1:rAEBCOYxvUIGopSwRgGebOk2uDfqlp+A9B4pJWfiCs8=", + "zh:4abdac721beb7b552fbc273644ee66e000b76d389084d5cbd2bc09bd297301c8", + "zh:59c413fa82c30e18a4afb97ad82473b7842f8476b422a0f8c294cc39b646b083", + "zh:702f4aee9f2fdc25381a9c8ed7617106973ed80033db727ac446e4c64d16f00f", + "zh:87467a36c1ef8f34a7ebe216201757af4ad0a098995269369ffa5c601c0a7568", + "zh:8f746f59e46c210d6c33580542d5b2a94d8071a3a9435f0771f524d0e2fdc731", + "zh:a9ce5ac0d5df8d94c32149434da27ac19d9aa0ba6d5dee86ea0f357a2e54b40f", + "zh:afc8377f6fdb7cb9dd436ff42479257ddcb14c1d7ecee5b57390ba1c6a8fa878", + "zh:d13d757fca7978f18a118b47c219bcdee5e055fd21a5bfec4ce8b4e28941e60b", + "zh:d5810ad8e4ab3d5a4cfa6696a254426a22f0928e23f87c46a186d71193a304f0", + "zh:d7e2459db89150b79870117dfb6f324b586b547ca91a935003c2be33305317fc", + "zh:f46c380238b40b34ef32db185c5582ce6e173637c75e88d305e58d41e24df72b", + "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", + ] +} + +provider "registry.opentofu.org/hashicorp/aws" { + version = "5.88.0" + hashes = [ + "h1:KjdFkIHjFWoq9D3AqHRBB0cHltoQYzuHEFWLB20Z2hw=", + "zh:0c78bb975ec21b8fc4953a9e2afbe2d63eb620594df4002ca4c7bde9e508348a", + "zh:0f3a76c0e720c13874c83de89d6ce634cdd85a361994752e573b062ed9011192", + "zh:288deee7ede0e90090b5381cf36ba68d7fa0f6d136b8d12ae71a2d78f31444ff", + "zh:57195d120a4f5359206c0d3fa5ac69469bf20c6840299afe77cb45adb44ff82c", + "zh:643cc8ddfdc6686972619dc1837bde4760d9c46ad4f4b47690dab4167d2429f7", + "zh:7439fea847e3d38418a2a3a52f3c17f179972f83131b27997b1dbe704114202d", + "zh:c48a364cc1b89ffd18ef759bc77a25ab545485b63da0c311757c339d43e26dc4", + "zh:c890c07ce4829eac2fe860b76f737cb3112775cd47001b9b138767bf81f308c5", + "zh:cca81b0a024c2bf126dc604366ee4e5e5e116b68a5662e661f62d0771fd247c0", + 
"zh:f8c9aa5a07b5597d6d9c408a6f7461e1d5ac9c2bc8aee7d1179d7d54646523de", + ] +} + +provider "registry.opentofu.org/hashicorp/external" { + version = "2.3.4" + constraints = "2.3.4" + hashes = [ + "h1:saRbzhRhYh4urj+ARe8vIB0mlRspy6E/fPSyvwqjUW8=", + "zh:0e5eb3513d6ad5cc3196799a6e413c6a9c0b642ba6d8f84fc11efa48f58358a4", + "zh:1658beae42b4614d4009a3191710c86571ccf1dc526c4bac520a87ab701dd2e9", + "zh:28d937c13e90c170fc1e4b726a9bcf113aade53b95b3eccd335cd9eaba8acff5", + "zh:2ac19917bb83233f24391d4cbaf301bb6ec14013d3b7f93bdf64823280622daa", + "zh:3263d1808fc5252d586a9aa98d89086c912f53e1a3dc43bc5306364b358f04fa", + "zh:463469836637342495e22a936ef9ab3c8ab2fb47eb0fae09c346d63f3331af59", + "zh:53398a27492cd11f61b2f24c2601c12f50c39da32b90fd25aed7011a1e25a225", + "zh:5a44cfbcef52fd3c970144a69a934cab320bd3bb57939ae4682fc516783e2996", + "zh:65edb579d9d0dac42e77728d81da6e85ea30d3fe8f2cb6e5db82602ee8afa17e", + "zh:f2edd3027b7ae0d31a690fd5dcdcd22b467b4f1e045f84f2bc88289353ef9a5b", + ] +} + +provider "registry.opentofu.org/hashicorp/null" { + version = "3.2.3" + constraints = "3.2.3" + hashes = [ + "h1:LF8arSzHfhbyQSFtTMTYEqCM34klzrbAQBJMHYCs9d8=", + "zh:1d57d25084effd3fdfd902eca00020b34b1fb020253b84d7dd471301606015ac", + "zh:65b7f9799b88464d9c2ec529713b7f52ea744275b61a8dc86cdedab1b2dcb933", + "zh:80d3e9c95b7b4ae7c54005cd127cae82e5c53d2b7023ef24c147337bac9dadd9", + "zh:841b60c07683e4bf456799ccd718896fdafdcc2c49252ae09967f2e74d8c8a03", + "zh:8fa1c592a9c78222e35713c6edb3f1f818a4c6f3524a30a209f0a7e919827b68", + "zh:bb795cc1429e09466840c09d39a28edf1db5070b1ec76822fc1173906a264572", + "zh:da1784818a89bea29dfe660632f0060a7a843e4e564d74435fbeca002b0f7d2a", + "zh:f409bf21b1cdaa6dac47cd79806f3d93f67e9507fe4dbf33b0165335f53bc2e1", + "zh:fbea7a1ff84b430ba9594698e93196d81d03e4036de3d1cafccb2a96d5b38581", + "zh:fbf0c84663a7e85881388d7d71ac862184f05fbf2d17ecf76bc5d3d7503ea260", + ] +} + +provider "registry.opentofu.org/hetznercloud/hcloud" { + version = "1.50.0" + constraints = "~> 1.45" + hashes = [ 
+ "h1:z5J9wgkt9xIKlr699hWCjHSS7K4bYKWWnGCg2T/YNmg=", + "zh:0bd650fb52e272f74eda5053a7bb62f0fd92182f57ad3ef742abe165cb8cac98", + "zh:1c36667aa89b672a96c0df3d3c613e80916a2d0944b1a1f9112065f40630b689", + "zh:21f90683890ea7a184b0ac55efd52911694ba86c58898bc8bbe87ee2507bb1eb", + "zh:24349d483a6ff97420d847433553fa031f68f99b9ead4ebb3592fc8955ef521f", + "zh:3fffd83c450bea2b382a986501ae51a4d3e6530eda48ed9ca74d518e4a909c37", + "zh:43d7de1dc4c50fae99d6c4ab4bb394608948091f5b53ddb29bc65deead9dc8a6", + "zh:47a37d5fec79dd8bc9cab2c892bc59e135b86cb51eebe2b01cdb40afac7ed777", + "zh:6efeb9530b8f57618c43f0b294b983d06cce43e9423bdd737eed81db913edb80", + "zh:7511ace4b33baddfc452ef95a634d83b92bfbfaa23cb30403899e95b64727075", + "zh:7bade77104ed8788c9b5171c7daae6ab6c011b3c40b152274fda803bf0bf2707", + "zh:83bce3ff9a1bd52a340a6ebdd2e2b731ec6fb86811ef0ed8a8264daf9d7beb61", + "zh:a09d5fce4c8d33e10b9a19318c965076db2d8ed5f62f5feb3e7502416f66d7bf", + "zh:c942832b80270eb982eeb9cc14f30a437db5fd28faf37d6aa32ec2cd345537d6", + "zh:e2c1812f2e1f9fac17c7551d4ab0efb713b6d751087c18b84b8acd542f587459", + ] +} diff --git a/tofu/dns.tf b/tofu/dns.tf new file mode 100644 index 0000000..4e22d99 --- /dev/null +++ b/tofu/dns.tf 
@@ -0,0 +1,105 @@
+provider "cloudflare" {
+ email = "cloudflare@grigorjan.net"
+ api_token = var.cloudflare_api_token
+}
+
+locals {
+ grigorjan_net_zone_id = "031954488928102b0936fee7bd9d3312"
+}
+
+resource "cloudflare_zone_setting" "strict_ssl" {
+ zone_id = local.grigorjan_net_zone_id
+ setting_id = "ssl"
+ value = "strict"
+}
+
+resource "cloudflare_dns_record" "server_neon" {
+ type = "A"
+ name = "neon.grigorjan.net"
+ content = hcloud_server.neon.ipv4_address
+ ttl = 1
+ proxied = true
+ zone_id = local.grigorjan_net_zone_id
+}
+
+resource "cloudflare_dns_record" "root_website" {
+ type = "CNAME"
+ name = "grigorjan.net"
+ content = "gekoke.github.io"
+ ttl = 1
+ zone_id = local.grigorjan_net_zone_id
+}
+
+resource "cloudflare_dns_record" "www_website" {
+ type = "CNAME"
+ name = "www.grigorjan.net"
+ content = "gekoke.github.io"
+ ttl = 1
+ zone_id = local.grigorjan_net_zone_id
+}
+
+resource "cloudflare_dns_record" "github_pages_challenge" {
+ type = "TXT"
+ name = "_github-pages-challenge-gekoke.grigorjan.net"
+ content = "\"58f1b8d27a8c74074eee8d2296fe9b\""
+ ttl = 1
+ zone_id = local.grigorjan_net_zone_id
+}
+
+resource "cloudflare_dns_record" "dkim_fastmail_1" {
+ type = "CNAME"
+ name = "fm1._domainkey.grigorjan.net"
+ content = "fm1.grigorjan.net.dkim.fmhosted.com"
+ ttl = 1
+ zone_id = local.grigorjan_net_zone_id
+}
+
+resource "cloudflare_dns_record" "dkim_fastmail_2" {
+ type = "CNAME"
+ name = "fm2._domainkey.grigorjan.net"
+ content = "fm2.grigorjan.net.dkim.fmhosted.com"
+ ttl = 1
+ zone_id = local.grigorjan_net_zone_id
+}
+
+resource "cloudflare_dns_record" "dkim_fastmail_3" {
+ type = "CNAME"
+ name = "fm3._domainkey.grigorjan.net"
+ content = "fm3.grigorjan.net.dkim.fmhosted.com"
+ ttl = 1
+ zone_id = local.grigorjan_net_zone_id
+}
+
+resource "cloudflare_dns_record" "smtp_10" {
+ type = "MX"
+ name = "grigorjan.net"
+ content = "in1-smtp.messagingengine.com"
+ priority = 10
+ ttl = 1
+ zone_id = local.grigorjan_net_zone_id
+}
+
+resource "cloudflare_dns_record" "smpt_20" {
+ type = "MX"
+ name = "grigorjan.net"
+ content = "in2-smtp.messagingengine.com"
+ priority = 20
+ ttl = 1
+ zone_id = local.grigorjan_net_zone_id
+}
+
+resource "cloudflare_dns_record" "dmarc" {
+ type = "TXT"
+ name = "_dmarc.grigorjan.net"
+ content = "\"v=DMARC1; p=quarantine; rua=mailto:feedback@grigorjan.net; ruf=mailto:abuse@grigorjan.net\""
+ ttl = 1
+ zone_id = local.grigorjan_net_zone_id
+}
+
+resource "cloudflare_dns_record" "spf" {
+ type = "TXT"
+ name = "grigorjan.net"
+ content = "\"v=spf1 include:spf.messagingengine.com ?all\""
+ ttl = 1
+ zone_id = local.grigorjan_net_zone_id
+}
diff --git a/tofu/inputs.tf b/tofu/inputs.tf
new file mode 100644
index 0000000..b3244d1
--- /dev/null
+++ b/tofu/inputs.tf
@@ -0,0 +1,23 @@
+variable "aws_access_key" {
+ type = string
+ sensitive = true
+ description = "The AWS root access key ID"
+}
+
+variable "aws_secret_key" {
+ type = string
+ sensitive = true
+ description = "The AWS root access key value"
+}
+
+variable "cloudflare_api_token" {
+ type = string
+ sensitive = true
+ description = "The Cloudflare API token with permissions: DNS:Edit, Zone Settings:Edit"
+}
+
+variable "hcloud_token" {
+ type = string
+ sensitive = true
+ description = "The Hetzner Cloud API token for a particular project"
+}
diff --git a/tofu/providers.tf b/tofu/providers.tf
new file mode 100644
index 0000000..bfd4fa1
--- /dev/null
+++ b/tofu/providers.tf
@@ -0,0 +1,22 @@
+terraform {
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "~> 5"
+ }
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "~> 1.45"
+ }
+
+ # Dependencies for `nixos-anywhere`
+ null = {
+ source = "hashicorp/null"
+ version = "3.2.3"
+ }
+ external = {
+ source = "hashicorp/external"
+ version = "2.3.4"
+ }
+ }
+}
diff --git a/tofu/server.tf b/tofu/server.tf
new file mode 100644
index 0000000..e39d067
--- /dev/null
+++ b/tofu/server.tf
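Review bot: The `spf` record at the end of dns.tf ends in `?all`, the neutral qualifier, so SPF on its own gives receivers no signal that mail from other sources is unauthorised. Handling of spoofed mail then rests entirely on the DMARC `p=quarantine` policy. If all mail for the domain is sent through the included provider, say so directly with `content = "\"v=spf1 include:spf.messagingengine.com -all\""` (or `~all` as a softer first step). A smaller naming point: the second MX resource is `smpt_20` next to `smtp_10`; fixing the label after the first apply changes the resource address, so it is cheapest to correct now.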
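Review bot: The descriptions of `aws_access_key` and `aws_secret_key` in inputs.tf say these are the AWS root access key, so the credential kept in a tfvars file and passed to every plan and apply has unrestricted control of the whole account. From what this commit shows, the AWS provider only manages the state bucket, so a dedicated IAM user or role limited to that bucket would be enough. The descriptions would then read something like `description = "Access key ID of the IAM user that manages the tofu state bucket"`, and the root access key can be deleted once that user exists.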
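Review bot: `required_providers` in providers.tf does not list `aws`, although `state.tf` configures `provider "aws"`, which is why the `hashicorp/aws` entry in `.terraform.lock.hcl` is the only one without a `constraints` line. The lock file still pins 5.88.0, but the source address is implied and a provider upgrade can cross a major version without anything in this file changing. Declare it with the others, e.g. `aws = { source = "hashicorp/aws", version = "~> 5.0" }`.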
@@ -0,0 +1,32 @@
+provider "hcloud" {
+ token = var.hcloud_token
+}
+
+resource "hcloud_ssh_key" "geko-carbon" {
+ name = "geko-carbon"
+ public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZjHdiGT2JDe/3tdEt5hNsOw6bOo0DEfGTkD4+7/ASs geko@carbon"
+}
+
+resource "hcloud_server" "neon" {
+ name = "neon"
+ server_type = "cx32"
+ image = "debian-11"
+ location = "hel1" # Helsinki
+ ssh_keys = ["geko-carbon"]
+ public_net {
+ ipv4_enabled = true
+ ipv6_enabled = true
+ }
+ lifecycle {
+ prevent_destroy = true
+ }
+}
+
+module "neon_deploy" {
+ source = "github.com/nix-community/nixos-anywhere//terraform/all-in-one"
+ nixos_system_attr = ".#nixosConfigurations.neon.config.system.build.toplevel"
+ nixos_partitioner_attr = ".#nixosConfigurations.neon.config.system.build.diskoScript"
+ target_host = hcloud_server.neon.ipv4_address
+ instance_id = hcloud_server.neon.ipv4_address
+ debug_logging = true
+}
diff --git a/tofu/state.tf b/tofu/state.tf
new file mode 100644
index 0000000..a8f16c9
--- /dev/null
+++ b/tofu/state.tf
@@ -0,0 +1,25 @@
+locals {
+ aws_region = "eu-north-1"
+}
+
+provider "aws" {
+ region = local.aws_region
+ access_key = var.aws_access_key
+ secret_key = var.aws_secret_key
+}
+
+resource "aws_s3_bucket" "tofu_state" {
+ bucket = "tofu-state-c5bba283-c3e5-454e-a7d7-df43e34e82f6"
+
+ lifecycle {
+ prevent_destroy = true
+ }
+}
+
+terraform {
+ backend "s3" {
+ region = local.aws_region
+ bucket = "tofu-state-c5bba283-c3e5-454e-a7d7-df43e34e82f6"
+ key = "tofu-state-file"
+ }
+}
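Review bot: The `neon_deploy` module `source` in server.tf has no `?ref=`, so every fresh `tofu init` fetches whatever is on the default branch of nixos-anywhere, and `.terraform.lock.hcl` pins providers only, not modules. The module appears to run local commands and install the OS on the target over SSH, so pin it to a reviewed tag or commit: `source = "github.com/nix-community/nixos-anywhere//terraform/all-in-one?ref=<PINNED_TAG_OR_COMMIT>"`. Also, `ssh_keys = ["geko-carbon"]` names the key by string; `ssh_keys = [hcloud_ssh_key.geko-carbon.id]` gives the server an explicit dependency on the key resource. `debug_logging = true` is worth turning off once the deployment works, since installer debug output may end up in terminal or CI logs.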
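Review bot: The state bucket in state.tf is created with nothing but a name, and the `backend "s3"` block sets neither `encrypt` nor any locking, although state stores resource attributes in plain text, including any marked sensitive. Add `encrypt = true` to the backend block and a lock (`dynamodb_table`, or `use_lockfile = true` if the OpenTofu version in use supports it). Give the bucket versioning and an explicit public-access block, so a bad write can be rolled back and a later policy change cannot make the bucket public. The additions are below; the rest of the file is unchanged.

```hcl
# … unchanged: locals, provider "aws", resource "aws_s3_bucket" "tofu_state" …

resource "aws_s3_bucket_versioning" "tofu_state" {
  bucket = aws_s3_bucket.tofu_state.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_public_access_block" "tofu_state" {
  bucket                  = aws_s3_bucket.tofu_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

terraform {
  backend "s3" {
    # … unchanged: region, bucket, key …
    encrypt = true
  }
}
```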