diff --git a/provisioning/.terraform.lock.hcl b/provisioning/.terraform.lock.hcl index 7848c45..bf48913 100644 --- a/provisioning/.terraform.lock.hcl +++ b/provisioning/.terraform.lock.hcl @@ -2,17 +2,40 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/carlpett/sops" { - version = "0.7.2" - constraints = "~> 0.5" + version = "1.1.1" + constraints = "~> 1.0" hashes = [ - "h1:eetjYKFBQb6nbgxjehD/gzzAmH2ru94ha2tEzXNiNy8=", - "zh:43f218054ea3a72c9756bf989aeebb9d0f23b66fd08e9fb4ae75d4f921295e82", - "zh:57fd326388042a6b7ecd60f740f81e5ef931546c4f068f054e7df34acf65d190", - "zh:87b970db8c137f4c2fcbff7a5705419a0aea9268ae0ac94f1ec5b978e42ab0d2", - "zh:9e3b67b89ac919f01731eb0466baa08ce0721e6cf962fe6752e7cc526ac0cba0", - "zh:c028f67ef330be0d15ce4d7ac7649a2e07a98ed3003fca52e0c72338b5f481f8", - "zh:c29362e36a44480d0d9cb7d90d1efba63fe7e0e94706b2a07884bc067c46cbc7", - "zh:d5bcfa836244718a1d564aa96eb7d733b4d361b6ecb961f7c5bcd0cadb1dfd05", + "h1:hqyownSt8teS7g0+XDOxmAtuAHB5kDNQkW1voBhLmZU=", + "zh:175ec198e1b4d1cad1ae559ebe8cdf574617805010c22dfb8af93a2057ba8332", + "zh:2b550b2372f71408e7b47b099f314d981bbb82b263cb55248a36a9af8afd44a1", + "zh:684544ed3460c34585b090b5de1d4e0caf8eba8e6ba50ad0734cda818a6c86f0", + "zh:6ab656d3f3645b8158769f34c16820523a621b9e735c1b3233cecf010ac61dda", + "zh:6b1f0007569ea36903c9b2b1b114c3cec7c163d9b83946362c3e165e255f64e7", + "zh:7d562f2fc76c954f974f2745557059a4d33dacb8d46e9f1cf09323348dcf5ddc", + "zh:cc7e97d8b55ebd90a4c1424cf9cb930af76e98a11c6eeb07e51d648369859fa1", + ] +} + +provider "registry.opentofu.org/cloudflare/cloudflare" { + version = "4.42.0" + constraints = "~> 4.0" + hashes = [ + "h1:5Z9Kfc5ufjqbLBXP9lZqQ11PAc4m6aTf/0M6miceOVQ=", + "zh:1abb93dda2bf73b1656dc63673c752642bfa4c31c8ca1e83cdd278f42fa121c1", + "zh:2b9c90fe4fffaadfeccd0f457bd1354ba2dba920c5525748d8f8f24656d6c7bd", + "zh:710a0cf84406df09705115a62bd6a418188a3b884f615fe7122a6fc51ec59bc0", + "zh:7875b38b281d17a24d89116b33f92b8b24292be160a2c618874a0f674171bd34", + "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", + "zh:ad28c94908c336ca97feabb02734a2c115eddaa5f4a625f00bfafb3ac65646e4", + "zh:aee7861d44cf1a71a4846e1ffda20992259838ee600ca79d3abc80b43f4ff0f0", + "zh:b1327e8ea04f0df5efc2b8848c358bf0d256716ad5372f91f5960296a1f68677", + "zh:b9ec2310feffef38c1488bed038ad7942c54f930f2166a600b5fc850e377bddf", + "zh:d04178727d7157aae8eb66b4f7318338c89cd685b53c67f5ce41de4160c2d484", + "zh:d76c4bb5a5bfed710fcc8a1d919172cbfcbda0cec177f1d2cb44aff82a862a32", + "zh:ddf3c126b5c98267240f960f8fed381115675793e5b86dd2cbdebeb628efb0cb", + "zh:e3efb3b9409626f15931a81edaeb96e4baf462a24b32dac9d97cc36d1fef1f01", + "zh:e925c963cddf5778829f0b26f72ad8bcbc1aed3510cfa0bd5a9e7cbf4c64a6e8", + "zh:ff78a903b2432fbff7b04e84a23c71425589bad7a4b846e08bc131268b80900f", ] } diff --git a/provisioning/README.md b/provisioning/README.md index cf226c9..777eef8 100644 --- a/provisioning/README.md +++ b/provisioning/README.md @@ -8,6 +8,7 @@ Provisioning, configuration and manifests for my Kubernetes dev cluster on Hetzn - [SOPS](https://github.com/mozilla/sops) - [Age](https://github.com/FiloSottile/age) - A Hetzner Cloud account and API token +- Cloudflare DNS API token - A GitHub account and personal access token (for Flux) - S3 compatible storage credentials @@ -61,6 +62,11 @@ Provisioning, configuration and manifests for my Kubernetes dev cluster on Hetzn ``` 6. **Initialize OpenTofu:** + + ```bash + sops exec-env s3_env.enc.yaml 'tofu init' + ``` + ```bash tofu init tofu plan diff --git a/provisioning/secrets.enc.yaml b/provisioning/secrets.enc.yaml index f7d130a..c1184bb 100644 --- a/provisioning/secrets.enc.yaml +++ b/provisioning/secrets.enc.yaml @@ -1,10 +1,10 @@ -username: ENC[AES256_GCM,data:Ds4OAig=,iv:84uc4FbTcGocQOpmKJK8O7JDQoKx0Fskwvr3MM+t0cw=,tag:s8XOhQmoNitwCUvaxlfVlg==,type:str] -user_hashed_password: ENC[AES256_GCM,data:DRRVy+wocdqrA7ghJa7wYZ5l2R/LP4L9ET8mX0eigF9CBsq7QD8QFegzFzzGopEr/jhJq8QH36tgDO/NBZ7BJwPc3DfooREgdZVGZiPOvC7du/1TV1ZgsHz6MFI2eo2IQJybWv5vGD+Tug==,iv:G5bxDE9RBdj7/eFhJGF4T2r07GyVRd/AYu4rUTyZv/E=,tag:YG5UCYJOXKPf2dore2Z9PQ==,type:str] -user_ssh_public_keys: - - ENC[AES256_GCM,data:JC7/xI5TMeqkt7uimuzR3mkeYirT3f7v4Gh2Qb0RvKaJSUllVzFUqeM+SVOxRSI1Tr9zA9EMKynxUWITpl3Nyxp/JvUeSe8Syc1Mfd8yOnQ1OqwF71yfi/9Kus7p8JUc,iv:j3RHGX8GCFzbmN4hVe3OFGmbjWpYufTdGU+DB+Vzo4w=,tag:pV1iJE8YM3FjFxqgZCCZ9w==,type:str] -github_username: ENC[AES256_GCM,data:SKXTs6NPQun+uQ==,iv:gQKW5IJAJucQs5LGiZ2XAH/HrXdcygQYCkoN1vGjGVg=,tag:j3QOGltPBRulW66iVm1rKg==,type:str] -github_repo: ENC[AES256_GCM,data:tuZHG9t2Cjs1n7A=,iv:sxBmmaxUVTITRqsJuc+vJUv5npXNQAGCv1UI+zZJ2Pw=,tag:z9E9bf95dhoZa44JqTbB3A==,type:str] -github_token: ENC[AES256_GCM,data:eJmsukV5hoaDwN6bAGlS/rvX6b2J5uJo+XHMk3M5DShJK7GZElejiA==,iv:XM1aguArv750/mVxAM/XzB9128B19YJxQ9cyB9x7f5Y=,tag:gWM2sa6PsRgXjs6muvX4BQ==,type:str] +username: ENC[AES256_GCM,data:qJXed8c=,iv:dGFC8UnSfWCTFgyNmksaKVSBkSpimhbR5yRVXi2nQow=,tag:PB/5INPqD/PiOScixN1doQ==,type:str] +user_hashed_password: ENC[AES256_GCM,data:hbxVZ8/YXLmz0p8umwX3IUy5IFfb3VPai3JjrLzE8Jj7QHWcYj8IhjzanCWRCSKWdoQi+9RgbrxMBTkXjs+4OYl/krBOhSNTTR8kZASSoaUQRBuY655aLoCAHRD+3v1/4Wu61JeNik9u6Q==,iv:vo7++SuaSCZo9jIgkZ9Tze57yeri0qtFfgdEsLDQxCU=,tag:R7hP2rfbhpR4VwbvnclMBA==,type:str] +user_ssh_public_keys: ENC[AES256_GCM,data:6LZ/9n61otgYXyFJL6OIoiazYyltt4OHM8oO3yaFmuYI/P22JsayGXSM2TVK5RUXUZrhxVOnFt23AkhfbmD62PgF0PoIQPmNxkPAOnsrj/lTcNiwBOyl/N15xtSungdOtP21o2k8Fbdh+LOCj7VWcZx3kibDqiBtxAAeR8Dchx+dIoSsR6li0/JcTCbbbA5Da09zsNJQJMXGo1gCyzUDyT7HLre+DEmHZ5MAaeCHQ9wGvNLsHngP5AEDM/uBEDhJap4/pQ==,iv:vpq6a6BG8t+KI5bmwKm0uMtWhNnUmpMif2oon1+OpxE=,tag:Nx15fkrg0X5RNufaJ7golQ==,type:str] +domain_name: ENC[AES256_GCM,data:nBo6h6tt3T2H,iv:+JKlfTBwapwJRVo3tp/LExRbNDj1qeURUXeFhR1fcE4=,tag:Pq4jpAMNeDUze8RA1NkoJg==,type:str] +github_username: ENC[AES256_GCM,data:n0Ny1oQ9zj5vug==,iv:rLytoaTItOqKo55Da82lMyxPt20bPMly840Ks7R5Yh4=,tag:ws5xNltx331xTDeQKpKDHA==,type:str] +github_repo: ENC[AES256_GCM,data:SpkdFGSgCwpRJOc=,iv:hbuqxj1aCdHC93l7TlB1vGJiZnww0/LD6eQ0qXq/4po=,tag:r6rJ/YKrFmDZGlPKmKXk6w==,type:str] +github_token: ENC[AES256_GCM,data:X8BsxGukFwfOVdCQQvvWxbIIctwDrZvLGs3+qiUrS4lJkLwpAvYPlw==,iv:XrRGAGEh7YmCyxess/1Yqqc8jQGgSkp2js8+HzLakTc=,tag:ARwToRhx+iyJAQnajbWCfg==,type:str] sops: kms: [] gcp_kms: [] @@ -14,14 +14,14 @@ sops: - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhclZ3VUJUc2xKdE40L2JT - TjBJL0NwODZHR29JUUdIbU10M3hXOTVNSTBvClpJYk53d2RzZkovSHlOMHFSYmNJ - RzY0UHM5MnNkN3RUUVVQdGU0VURpSGMKLS0tIDlWMHdOTkQwMkJOdjFWVDJTSEYr - b3N0UW9ObXcyMUpvY0ZlV3lVdUV5Vm8Koxn/+tkp8Af+v2iNOfSRA6P3tHB1CAdr - DjppmgURJYRe0JY60UHVjNFqIRjvyfDyQUyezQstYoJcW5e1KkXO9g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBReloyQkVsZDhVclh2N2lj + SDRlaHNqdkYxcytBWFNScUdVdTd4ZFZBdHljCkVJMXB2azBqcUFmVWdKR3d6dnR5 + TEFhZ2lVN3VXM3dmdk9YTGp6djhXem8KLS0tIFBEOExUdFp6NWhvYzVQN1hBcDZz + eU1ISWMvdTVMWnYwL2Y0cnRhUjdlbWcKnZJLl5K+SyjQl84rLKaHUWq6N/XbY+yZ + Bluc2JTQYZecCZSi+Y6Bt/7TjI8298pmP6MlqhH5lJPUF3vruxXiqw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-16T19:51:04Z" - mac: ENC[AES256_GCM,data:/fscBwL6clI5eJOWVu3ILqW+c+4lxlX9usUkt0eQUebdMYUgrRIJ0TnQhmimbg7XoofpCCP/KThZ5Ku857M4xXHLayewd6zeL3P8cYMeZs5nEvMWczpIjViiLrkKliFxlL0wDeCq8W84acpBoxS5TZRUh3//lOpjBqhRHuJIhdU=,iv:RjA5DloEc8NbQUS8lJ9ocMhAPvF52XfDdY4BgHk8Ols=,tag:Lz/FKzMaNIvYoZDwYr4afQ==,type:str] + lastmodified: "2024-09-22T17:26:55Z" + mac: ENC[AES256_GCM,data:N8hqHkpgV5h3WNbbAlM6wPEQYlvzZx83JPeb+OB1KQkmY/7fMaWH9KgFt0CdrGMyN9LE55lMYkmmmn4clhIR/3h5c3sUMbl2OWBc9ggTTGnWmu3rohrJR5WF+3OXnhD04/e/azjNsBTILRT08Beg+QzgKFAApWgN8kCOk2iTaHU=,iv:dhm/OADE0aAVq8kIU/gc6XOaC6nLpeJSaEiRk+87zrc=,tag:Zqz86ugFIvFPQxzPooFPCA==,type:str] pgp: [] unencrypted_regex: ^(apiVersion|metadata|kind|type)$ version: 3.9.0