Add ssh key

2025-12-22 16:44:24 +00:00 · 2024-09-22 19:34:56 +02:00
parent 8584c4bf58
commit 29dc31f0d3
3 changed files with 53 additions and 24 deletions
--- a/provisioning/.terraform.lock.hcl
+++ b/provisioning/.terraform.lock.hcl
@@ -2,17 +2,40 @@
 # Manual edits may be lost in future updates.

 provider "registry.opentofu.org/carlpett/sops" {
-  version     = "0.7.2"
-  constraints = "~> 0.5"
+  version     = "1.1.1"
+  constraints = "~> 1.0"
  hashes = [
-    "h1:eetjYKFBQb6nbgxjehD/gzzAmH2ru94ha2tEzXNiNy8=",
-    "zh:43f218054ea3a72c9756bf989aeebb9d0f23b66fd08e9fb4ae75d4f921295e82",
-    "zh:57fd326388042a6b7ecd60f740f81e5ef931546c4f068f054e7df34acf65d190",
-    "zh:87b970db8c137f4c2fcbff7a5705419a0aea9268ae0ac94f1ec5b978e42ab0d2",
-    "zh:9e3b67b89ac919f01731eb0466baa08ce0721e6cf962fe6752e7cc526ac0cba0",
-    "zh:c028f67ef330be0d15ce4d7ac7649a2e07a98ed3003fca52e0c72338b5f481f8",
-    "zh:c29362e36a44480d0d9cb7d90d1efba63fe7e0e94706b2a07884bc067c46cbc7",
-    "zh:d5bcfa836244718a1d564aa96eb7d733b4d361b6ecb961f7c5bcd0cadb1dfd05",
+    "h1:hqyownSt8teS7g0+XDOxmAtuAHB5kDNQkW1voBhLmZU=",
+    "zh:175ec198e1b4d1cad1ae559ebe8cdf574617805010c22dfb8af93a2057ba8332",
+    "zh:2b550b2372f71408e7b47b099f314d981bbb82b263cb55248a36a9af8afd44a1",
+    "zh:684544ed3460c34585b090b5de1d4e0caf8eba8e6ba50ad0734cda818a6c86f0",
+    "zh:6ab656d3f3645b8158769f34c16820523a621b9e735c1b3233cecf010ac61dda",
+    "zh:6b1f0007569ea36903c9b2b1b114c3cec7c163d9b83946362c3e165e255f64e7",
+    "zh:7d562f2fc76c954f974f2745557059a4d33dacb8d46e9f1cf09323348dcf5ddc",
+    "zh:cc7e97d8b55ebd90a4c1424cf9cb930af76e98a11c6eeb07e51d648369859fa1",
+  ]
+}
+
+provider "registry.opentofu.org/cloudflare/cloudflare" {
+  version     = "4.42.0"
+  constraints = "~> 4.0"
+  hashes = [
+    "h1:5Z9Kfc5ufjqbLBXP9lZqQ11PAc4m6aTf/0M6miceOVQ=",
+    "zh:1abb93dda2bf73b1656dc63673c752642bfa4c31c8ca1e83cdd278f42fa121c1",
+    "zh:2b9c90fe4fffaadfeccd0f457bd1354ba2dba920c5525748d8f8f24656d6c7bd",
+    "zh:710a0cf84406df09705115a62bd6a418188a3b884f615fe7122a6fc51ec59bc0",
+    "zh:7875b38b281d17a24d89116b33f92b8b24292be160a2c618874a0f674171bd34",
+    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+    "zh:ad28c94908c336ca97feabb02734a2c115eddaa5f4a625f00bfafb3ac65646e4",
+    "zh:aee7861d44cf1a71a4846e1ffda20992259838ee600ca79d3abc80b43f4ff0f0",
+    "zh:b1327e8ea04f0df5efc2b8848c358bf0d256716ad5372f91f5960296a1f68677",
+    "zh:b9ec2310feffef38c1488bed038ad7942c54f930f2166a600b5fc850e377bddf",
+    "zh:d04178727d7157aae8eb66b4f7318338c89cd685b53c67f5ce41de4160c2d484",
+    "zh:d76c4bb5a5bfed710fcc8a1d919172cbfcbda0cec177f1d2cb44aff82a862a32",
+    "zh:ddf3c126b5c98267240f960f8fed381115675793e5b86dd2cbdebeb628efb0cb",
+    "zh:e3efb3b9409626f15931a81edaeb96e4baf462a24b32dac9d97cc36d1fef1f01",
+    "zh:e925c963cddf5778829f0b26f72ad8bcbc1aed3510cfa0bd5a9e7cbf4c64a6e8",
+    "zh:ff78a903b2432fbff7b04e84a23c71425589bad7a4b846e08bc131268b80900f",
  ]
 }

--- a/provisioning/README.md
+++ b/provisioning/README.md
@@ -8,6 +8,7 @@ Provisioning, configuration and manifests for my Kubernetes dev cluster on Hetzn
 - [SOPS](https://github.com/mozilla/sops)
 - [Age](https://github.com/FiloSottile/age)
 - A Hetzner Cloud account and API token
+- Cloudflare DNS API token
 - A GitHub account and personal access token (for Flux)
 - S3 compatible storage credentials

@@ -61,6 +62,11 @@ Provisioning, configuration and manifests for my Kubernetes dev cluster on Hetzn
   ```

 6. **Initialize OpenTofu:**
+
+   ```bash
+   sops exec-env s3_env.enc.yaml 'tofu init'
+   ```
+
   ```bash
   tofu init
   tofu plan
--- a/provisioning/secrets.enc.yaml
+++ b/provisioning/secrets.enc.yaml
@@ -1,10 +1,10 @@
-username: ENC[AES256_GCM,data:Ds4OAig=,iv:84uc4FbTcGocQOpmKJK8O7JDQoKx0Fskwvr3MM+t0cw=,tag:s8XOhQmoNitwCUvaxlfVlg==,type:str]
-user_hashed_password: ENC[AES256_GCM,data:DRRVy+wocdqrA7ghJa7wYZ5l2R/LP4L9ET8mX0eigF9CBsq7QD8QFegzFzzGopEr/jhJq8QH36tgDO/NBZ7BJwPc3DfooREgdZVGZiPOvC7du/1TV1ZgsHz6MFI2eo2IQJybWv5vGD+Tug==,iv:G5bxDE9RBdj7/eFhJGF4T2r07GyVRd/AYu4rUTyZv/E=,tag:YG5UCYJOXKPf2dore2Z9PQ==,type:str]
-user_ssh_public_keys:
-    - ENC[AES256_GCM,data:JC7/xI5TMeqkt7uimuzR3mkeYirT3f7v4Gh2Qb0RvKaJSUllVzFUqeM+SVOxRSI1Tr9zA9EMKynxUWITpl3Nyxp/JvUeSe8Syc1Mfd8yOnQ1OqwF71yfi/9Kus7p8JUc,iv:j3RHGX8GCFzbmN4hVe3OFGmbjWpYufTdGU+DB+Vzo4w=,tag:pV1iJE8YM3FjFxqgZCCZ9w==,type:str]
-github_username: ENC[AES256_GCM,data:SKXTs6NPQun+uQ==,iv:gQKW5IJAJucQs5LGiZ2XAH/HrXdcygQYCkoN1vGjGVg=,tag:j3QOGltPBRulW66iVm1rKg==,type:str]
-github_repo: ENC[AES256_GCM,data:tuZHG9t2Cjs1n7A=,iv:sxBmmaxUVTITRqsJuc+vJUv5npXNQAGCv1UI+zZJ2Pw=,tag:z9E9bf95dhoZa44JqTbB3A==,type:str]
-github_token: ENC[AES256_GCM,data:eJmsukV5hoaDwN6bAGlS/rvX6b2J5uJo+XHMk3M5DShJK7GZElejiA==,iv:XM1aguArv750/mVxAM/XzB9128B19YJxQ9cyB9x7f5Y=,tag:gWM2sa6PsRgXjs6muvX4BQ==,type:str]
+username: ENC[AES256_GCM,data:qJXed8c=,iv:dGFC8UnSfWCTFgyNmksaKVSBkSpimhbR5yRVXi2nQow=,tag:PB/5INPqD/PiOScixN1doQ==,type:str]
+user_hashed_password: ENC[AES256_GCM,data:hbxVZ8/YXLmz0p8umwX3IUy5IFfb3VPai3JjrLzE8Jj7QHWcYj8IhjzanCWRCSKWdoQi+9RgbrxMBTkXjs+4OYl/krBOhSNTTR8kZASSoaUQRBuY655aLoCAHRD+3v1/4Wu61JeNik9u6Q==,iv:vo7++SuaSCZo9jIgkZ9Tze57yeri0qtFfgdEsLDQxCU=,tag:R7hP2rfbhpR4VwbvnclMBA==,type:str]
+user_ssh_public_keys: ENC[AES256_GCM,data:6LZ/9n61otgYXyFJL6OIoiazYyltt4OHM8oO3yaFmuYI/P22JsayGXSM2TVK5RUXUZrhxVOnFt23AkhfbmD62PgF0PoIQPmNxkPAOnsrj/lTcNiwBOyl/N15xtSungdOtP21o2k8Fbdh+LOCj7VWcZx3kibDqiBtxAAeR8Dchx+dIoSsR6li0/JcTCbbbA5Da09zsNJQJMXGo1gCyzUDyT7HLre+DEmHZ5MAaeCHQ9wGvNLsHngP5AEDM/uBEDhJap4/pQ==,iv:vpq6a6BG8t+KI5bmwKm0uMtWhNnUmpMif2oon1+OpxE=,tag:Nx15fkrg0X5RNufaJ7golQ==,type:str]
+domain_name: ENC[AES256_GCM,data:nBo6h6tt3T2H,iv:+JKlfTBwapwJRVo3tp/LExRbNDj1qeURUXeFhR1fcE4=,tag:Pq4jpAMNeDUze8RA1NkoJg==,type:str]
+github_username: ENC[AES256_GCM,data:n0Ny1oQ9zj5vug==,iv:rLytoaTItOqKo55Da82lMyxPt20bPMly840Ks7R5Yh4=,tag:ws5xNltx331xTDeQKpKDHA==,type:str]
+github_repo: ENC[AES256_GCM,data:SpkdFGSgCwpRJOc=,iv:hbuqxj1aCdHC93l7TlB1vGJiZnww0/LD6eQ0qXq/4po=,tag:r6rJ/YKrFmDZGlPKmKXk6w==,type:str]
+github_token: ENC[AES256_GCM,data:X8BsxGukFwfOVdCQQvvWxbIIctwDrZvLGs3+qiUrS4lJkLwpAvYPlw==,iv:XrRGAGEh7YmCyxess/1Yqqc8jQGgSkp2js8+HzLakTc=,tag:ARwToRhx+iyJAQnajbWCfg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -14,14 +14,14 @@ sops:
        - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhclZ3VUJUc2xKdE40L2JT
-            TjBJL0NwODZHR29JUUdIbU10M3hXOTVNSTBvClpJYk53d2RzZkovSHlOMHFSYmNJ
-            RzY0UHM5MnNkN3RUUVVQdGU0VURpSGMKLS0tIDlWMHdOTkQwMkJOdjFWVDJTSEYr
-            b3N0UW9ObXcyMUpvY0ZlV3lVdUV5Vm8Koxn/+tkp8Af+v2iNOfSRA6P3tHB1CAdr
-            DjppmgURJYRe0JY60UHVjNFqIRjvyfDyQUyezQstYoJcW5e1KkXO9g==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBReloyQkVsZDhVclh2N2lj
+            SDRlaHNqdkYxcytBWFNScUdVdTd4ZFZBdHljCkVJMXB2azBqcUFmVWdKR3d6dnR5
+            TEFhZ2lVN3VXM3dmdk9YTGp6djhXem8KLS0tIFBEOExUdFp6NWhvYzVQN1hBcDZz
+            eU1ISWMvdTVMWnYwL2Y0cnRhUjdlbWcKnZJLl5K+SyjQl84rLKaHUWq6N/XbY+yZ
+            Bluc2JTQYZecCZSi+Y6Bt/7TjI8298pmP6MlqhH5lJPUF3vruxXiqw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-16T19:51:04Z"
-    mac: ENC[AES256_GCM,data:/fscBwL6clI5eJOWVu3ILqW+c+4lxlX9usUkt0eQUebdMYUgrRIJ0TnQhmimbg7XoofpCCP/KThZ5Ku857M4xXHLayewd6zeL3P8cYMeZs5nEvMWczpIjViiLrkKliFxlL0wDeCq8W84acpBoxS5TZRUh3//lOpjBqhRHuJIhdU=,iv:RjA5DloEc8NbQUS8lJ9ocMhAPvF52XfDdY4BgHk8Ols=,tag:Lz/FKzMaNIvYoZDwYr4afQ==,type:str]
+    lastmodified: "2024-09-22T17:26:55Z"
+    mac: ENC[AES256_GCM,data:N8hqHkpgV5h3WNbbAlM6wPEQYlvzZx83JPeb+OB1KQkmY/7fMaWH9KgFt0CdrGMyN9LE55lMYkmmmn4clhIR/3h5c3sUMbl2OWBc9ggTTGnWmu3rohrJR5WF+3OXnhD04/e/azjNsBTILRT08Beg+QzgKFAApWgN8kCOk2iTaHU=,iv:dhm/OADE0aAVq8kIU/gc6XOaC6nLpeJSaEiRk+87zrc=,tag:Zqz86ugFIvFPQxzPooFPCA==,type:str]
    pgp: []
    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
    version: 3.9.0