Generate an Age key:
```
age-keygen -o key.txt
```
Create a .sops.yaml file in your project root:
```
creation_rules:
  - path_regex: secrets\.enc\.yaml$
    age: <your-age-public-key>
```
Replace <your-age-public-key> with the public key from your key.txt file.

Create a secrets.yaml file with your sensitive data:

username: <your-username>
user_hashed_password: <your-hashed-password>
user_ssh_public_key: <your-ssh-public-key>
github_username: <your-github-username>
github_repo: <your-flux-repo-name>

Encrypt the secrets file:

sops -e secrets.yaml > secrets.enc.yaml

Create a terraform.tfvars file for your Hetzner Cloud token:
```
hcloud_token = "your-hetzner-cloud-token"
```
Initialize Terraform:
```
terraform init
```
Plan your Terraform deployment:
```
terraform plan
```
Apply your Terraform configuration:
```
terraform apply
```

File Structure

main.tf: Main Terraform configuration file
variables.tf: Terraform variables definition
cloud-init.yaml: Cloud-init configuration template
secrets.enc.yaml: Encrypted secrets file (do not commit to version control)
terraform.tfvars: Terraform variables values (do not commit to version control)
.sops.yaml: SOPS configuration file

Usage

After successful provisioning, you can access your new server using SSH:

ssh <your-username>@<server-ip>

The server IP will be output by Terraform after successful application.

Customization

Modify cloud-init.yaml to change the initial server setup.
Adjust main.tf to change Hetzner Cloud resources or add additional configurations.

Security Notes

Never commit secrets.yaml, secrets.enc.yaml, or terraform.tfvars to version control.
Keep your key.txt file secure and backed up. Losing this file means losing access to your encrypted secrets.

Troubleshooting

If you encounter issues:

Check Terraform output for errors.
Review cloud-init logs on the server: /var/log/cloud-init-output.log
Ensure all required variables are correctly set in your encrypted secrets file.

For further assistance, please open an issue in the project repository.