Update versions

2025-12-23 00:54:26 +00:00 · 2024-12-23 18:49:04 +01:00
parent 88f8cc0995
commit 3d79c3952d
2 changed files with 67 additions and 48 deletions
--- a/provisioning/main.tf
+++ b/provisioning/main.tf
@@ -2,23 +2,23 @@
 terraform {
  required_providers {
    hcloud = {
-      source = "hetznercloud/hcloud"
-      version = "~> 1.0"
+      source  = "hetznercloud/hcloud"
+      version = "~> 1.49.1"
    }
    sops = {
      source  = "carlpett/sops"
-      version = "~> 1.0"
+      version = "~> 1.1.1"
    }
    cloudflare = {
      source  = "cloudflare/cloudflare"
-      version = "~> 4.0"
+      version = "~> 4.48.0"
    }
  }
  required_version = ">= 0.13"

  backend "s3" {
-    bucket = "auberon-tfstate"
-    key    = "terraform.tfstate"
+    bucket                      = "auberon-tfstate"
+    key                         = "terraform.tfstate"
    skip_credentials_validation = true
    skip_region_validation      = true
  }
@@ -39,24 +39,27 @@ data "sops_file" "secrets" {
 }

 data "cloudinit_config" "k8s_node" {
-  gzip = true
+  gzip          = true
  base64_encode = true

  part {
    content_type = "text/cloud-config"
    content = templatefile("${path.module}/cloud-init.yaml", {
-      username = data.sops_file.secrets.data["username"]
+      username             = data.sops_file.secrets.data["username"]
      user_hashed_password = data.sops_file.secrets.data["user_hashed_password"]
-      user_ssh_public_keys = yamldecode(data.sops_file.secrets.data["user_ssh_public_keys"])
+      user_ssh_public_keys = [
+        for key in split("\n", data.sops_file.secrets.data["user_ssh_public_keys"]) :
+        key if trimspace(key) != ""
+      ]
      github_username = data.sops_file.secrets.data["github_username"]
-      github_repo = data.sops_file.secrets.data["github_repo"]
-      github_token = data.sops_file.secrets.data["github_token"]
+      github_repo     = data.sops_file.secrets.data["github_repo"]
+      github_token    = data.sops_file.secrets.data["github_token"]
    })
  }
 }

 resource "hcloud_server" "cluster" {
-  name        = "auberon2"
+  name        = "auberon"
  image       = "ubuntu-24.04"
  server_type = "cx22"
  location    = "nbg1"
@@ -65,7 +68,7 @@ resource "hcloud_server" "cluster" {
 }

 resource "hcloud_firewall" "cluster-firewall" {
-  name = "cluster-firewall2"
+  name = "cluster-firewall"
  apply_to {
    server = hcloud_server.cluster.id
  }
@@ -125,4 +128,19 @@ resource "cloudflare_record" "cluster" {

 output "server_ip" {
  value = hcloud_server.cluster.ipv4_address
-}
+}
+
+output "cloud_init_raw" {
+  value = templatefile("${path.module}/cloud-init.yaml", {
+    username             = data.sops_file.secrets.data["username"]
+    user_hashed_password = data.sops_file.secrets.data["user_hashed_password"]
+    user_ssh_public_keys = [
+      for key in split("\n", data.sops_file.secrets.data["user_ssh_public_keys"]) :
+      key if trimspace(key) != ""
+    ]
+    github_username = data.sops_file.secrets.data["github_username"]
+    github_repo     = data.sops_file.secrets.data["github_repo"]
+    github_token    = data.sops_file.secrets.data["github_token"]
+  })
+  sensitive = true
+}