diff --git a/devShell.nix b/devShell.nix
index 8d915c97..2914f250 100644
--- a/devShell.nix
+++ b/devShell.nix
@@ -25,7 +25,11 @@
 '';
 nf-tf = pkgs.writeShellScriptBin "nf-tf" ''
 cd "$NF_CONFIG_ROOT/tf"
- exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#terraform" -- "$@"
+ if [[ $# -eq 0 ]]; then
+ exec nix shell ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#terraform" -c bash -c "terraform init && terraform plan"
+ else
+ exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#terraform" -- "$@"
+ fi
 '';
 nf-lint-tf = pkgs.writeShellScriptBin "nf-lint-tf" ''
 cd "$NF_CONFIG_ROOT/tf"
diff --git a/tf/.terraform.lock.hcl b/tf/.terraform.lock.hcl
index 737fbd18..dcff8702 100644
--- a/tf/.terraform.lock.hcl
+++ b/tf/.terraform.lock.hcl
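Review bot: In devShell.nix, the no-argument branch of `nf-tf` runs a plain `terraform init`, which may write newly selected providers and checksums into `tf/.terraform.lock.hcl` as a side effect of what reads like a read-only "show me the plan" default. Using `terraform init -lockfile=readonly && terraform plan` there would make init verify against the recorded hashes and fail instead of altering the pins. The `cd "$NF_CONFIG_ROOT/tf"` above the `if` is unchecked, and `writeShellScriptBin` does not add `set -e`, so `cd "$NF_CONFIG_ROOT/tf" || exit 1` would keep init/plan from running in the caller's directory. A comment such as `# no arguments: init, then plan` above the `if` would document the new default.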
@@ -23,3 +23,43 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
 "zh:fd068410027acf7fd11864c9427ed1d7783ef2bc05eece01682e33a25c4119b0",
 ]
 }
+
+provider "registry.terraform.io/hashicorp/tls" {
+ version = "4.0.5"
+ hashes = [
+ "h1:e4LBdJoZJNOQXPWgOAG0UuPBVhCStu98PieNlqJTmeU=",
+ "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e",
+ "zh:0472ea1574026aa1e8ca82bb6df2c40cd0478e9336b7a8a64e652119a2fa4f32",
+ "zh:1a8ddba2b1550c5d02003ea5d6cdda2eef6870ece86c5619f33edd699c9dc14b",
+ "zh:1e3bb505c000adb12cdf60af5b08f0ed68bc3955b0d4d4a126db5ca4d429eb4a",
+ "zh:6636401b2463c25e03e68a6b786acf91a311c78444b1dc4f97c539f9f78de22a",
+ "zh:76858f9d8b460e7b2a338c477671d07286b0d287fd2d2e3214030ae8f61dd56e",
+ "zh:a13b69fb43cb8746793b3069c4d897bb18f454290b496f19d03c3387d1c9a2dc",
+ "zh:a90ca81bb9bb509063b736842250ecff0f886a91baae8de65c8430168001dad9",
+ "zh:c4de401395936e41234f1956ebadbd2ed9f414e6908f27d578614aaa529870d4",
+ "zh:c657e121af8fde19964482997f0de2d5173217274f6997e16389e7707ed8ece8",
+ "zh:d68b07a67fbd604c38ec9733069fbf23441436fecf554de6c75c032f82e1ef19",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
+
+provider "registry.terraform.io/vancluever/acme" {
+ version = "2.19.0"
+ constraints = "~> 2.0"
+ hashes = [
+ "h1:KYVcGnKzrS3NqhTeh+YqhETukbZMnjdBcFUz47aRUv0=",
+ "zh:0362a3cd06e5180387f68f6a2b354014057b3efe3c032614654f6303e9295ce9",
+ "zh:1fca8dd9711f2ac7c62d84e96bd08a365bd33de1c3329c35fda8e57590e0305b",
+ "zh:22dfd6003158b48fe346f706f254781197331cc8378b5e6c76a70ecaee12e19b",
+ "zh:27d8b7fc3bad6dbf1b85cc4f0c0c09119603efaede8123a82d4e5b49d31e5205",
+ "zh:89f8ede926346968e75f48860a964bd4453800546fc46a4fdd5c5a43069b9b99",
+ "zh:912615105939c6ab65f4c633049b4528cc9fc3316aed2c78e1e8f620554bc40a",
+ "zh:9eb8091ea8f373a1644733550630f2b2a7d13c48b6868b4344a9508ce199b3b9",
+ "zh:ba24e6c3bade5a0d601e61950795067d23842c05df0b4618aed3a08a41e6fb0a",
+ "zh:d3df98345e0c33ca3e81a552e07558dc0107248f10217faae90e95a2d641f5d8",
+ "zh:e03ffe66fb9ecef8cc5f14729837ec801319f1cd4d5f80560563217b9111ec13",
+ "zh:e78b4dad910bd791b55f12058cf9f0bda122062cede330c3a2f7e50881e285cb",
+ "zh:ee153c54ef182aeadae9db3221771a8a3c3bf7f967863ea6d8bfa4f592081062",
+ "zh:f570a2b13da78a22764c9e626a8b8ce58615f07934d000b567ab12590ea155a1",
+ ]
+}
diff --git a/tf/acme_provider.tf b/tf/acme_provider.tf
new file mode 100644
index 00000000..ac05a41a
--- /dev/null
+++ b/tf/acme_provider.tf
@@ -0,0 +1,22 @@
+variable "acme_account_email" {
+ type = string
+}
+
+provider "acme" {
+ server_url = "https://acme-v02.api.letsencrypt.org/directory"
+}
+
+resource "tls_private_key" "acme_account_key" {
+ algorithm = "ECDSA"
+ ecdsa_curve = "P384"
+}
+
+resource "acme_registration" "account" {
+ account_key_pem = tls_private_key.acme_account_key.private_key_pem
+ email_address = var.acme_account_email
+}
+
+output "acme_account_key" {
+ sensitive = true
+ value = tls_private_key.acme_account_key.private_key_pem
+}
diff --git a/tf/terraform.tf b/tf/terraform.tf
index d460861c..3991fe86 100644
--- a/tf/terraform.tf
+++ b/tf/terraform.tf
@@ -2,10 +2,18 @@ terraform {
 required_version = ">= 1.6.0"
 required_providers {
+ acme = {
+ source = "vancluever/acme"
+ version = "~> 2.0"
+ }
 cloudflare = {
 source = "cloudflare/cloudflare"
 version = ">= 4.22.0"
 }
+ tls = {
+ source = "hashicorp/tls"
+ version = ">= 4.0.5"
+ }
 }
 cloud {
@@ -16,4 +24,4 @@ terraform {
 name = "infrastructure"
 }
 }
-}
\ No newline at end of file
+}
diff --git a/tf/terraform.tfvars.sops b/tf/terraform.tfvars.sops
index df9fe038..ad0b699e 100644
--- a/tf/terraform.tfvars.sops
+++ b/tf/terraform.tfvars.sops
@@ -1,5 +1,5 @@
 {
- "data": "ENC[AES256_GCM,data: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,iv:6e2GXBrFVja3oXUkSzGAEA1uYDgv0Z5mSPiQD1krbQs=,tag:1qwH4nhU1lbhfbLlfm2DjA==,type:str]",
+ "data": "ENC[AES256_GCM,data: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,iv:ZItahuq3XUdZdit6jpsTbedKPwb2cYw0omx33Rf6o9s=,tag:9sX7LQ58Z0qk9SSoPVuiCw==,type:str]",
 "sops": {
 "shamir_threshold": 1,
 "kms": null,
@@ -7,8 +7,8 @@
 "azure_kv": null,
 "hc_vault": null,
 "age": null,
- "lastmodified": "2024-01-20T21:05:40Z",
- "mac": "ENC[AES256_GCM,data:VQjveQ626J3wdWqbOtY2og7bCokGWvU4JOJd7KD6lBwhHCS759xaTNbqR3FCQpaC2Kjfh0C1i5FXYslOamttz8Px0VSZzGARuTiFiLE4ztDNPCU76x4NzSR7nYd33ipDzgj54xdpIBt/R1EsAIQegEBy18wglU7Sp6M1RbKVZCY=,iv:E7qy1DLlvQGO1OuYD2lfxyEa84SbrRShD9lHIOfjSdE=,tag:LwjyuROYKmU3XRBGhVcMbg==,type:str]",
+ "lastmodified": "2024-01-23T17:02:46Z",
+ "mac": "ENC[AES256_GCM,data:+Oh6p7p325mSuHEWSC2aSD/WvSCelTpY7RV9fBli2TCxeFLdDGt6XTLZykFDjMq+5kHmJU2z3qTZm2bs0IbQ2h3pN5O5vL2+jJ17o3iKGwWvoim+2Nj3JChrzmUCLzqx04ZxojMrli2Af4eF/hDSHS4dcqTSxh/GiZeIPnoQwdA=,iv:veIp9YJ/CADUHpitvg3WMBiYzC1pEvevC14AhytfiE4=,tag:k6oYO2g1ng3gFLt6AbGSrg==,type:str]",
 "pgp": [
 {
 "created_at": "2024-01-14T19:49:29Z",